CASP License in Germany
Germany is one of the most institutionally trusted financial jurisdictions in the European Union and a preferred location for crypto businesses that require credibility with banks, enterprise clients, and regulated counterparties. Under the EU’s Markets in Crypto-Assets Regulation (MiCA), Crypto-Asset Service Providers (CASPs) can obtain a CASP license in Germany and expand across the EU using harmonised passporting rights.
Germany is widely viewed as a “tier-one” MiCA jurisdiction. Supervision is carried out by BaFin (Federal Financial Supervisory Authority), which applies a governance-driven and substance-focused supervisory approach. In practice, this means strong emphasis on management accountability, operational resilience, safeguarding of client assets, ICT security, and AML governance that functions in real-world operations.
For exchanges, custodians, brokers, and trading platforms targeting institutional or professional clients, a German CASP license often provides a decisive advantage in banking access, partner onboarding, and long-term EU scalability.
At Legalaes, we provide end-to-end legal and regulatory support for obtaining a CASP license in Germany — from MiCA service scoping and corporate structuring to preparation of the full BaFin application file, regulator engagement, and post-licensing compliance setup — transforming a complex regulatory process into a predictable, milestone-driven project.
Regulations Overview
Crypto-asset services in Germany are governed by the Markets in Crypto-Assets Regulation (EU) 2023/1114 (MiCA).
MiCA establishes a single EU-wide licensing framework for Crypto-Asset Service Providers, covering authorisation requirements, minimum capital, governance, conduct of business, safeguarding of client assets, and operational resilience.
In Germany, the competent authority for CASP licensing and supervision is BaFin – Federal Financial Supervisory Authority.
BaFin is responsible for reviewing CASP license applications, granting authorisation, supervising ongoing compliance, and enforcing MiCA requirements at national level. Germany applies MiCA as directly applicable EU law and does not impose an additional national crypto licensing regime alongside MiCA.
EU-level supervisory coordination, convergence, and public registers are supported by the European Securities and Markets Authority (ESMA).
ESMA maintains EU-wide CASP registers and supports consistent supervision across Member States, including MiCA passporting notifications.
Types of Crypto Licences in Germany (CASP Classes under MiCA)
Under MiCA, CASPs are classified based on the scope and complexity of services provided. Germany applies the EU-harmonised MiCA capital thresholds.
| CASP Class | Minimum Share Capital | Services Covered |
|---|---|---|
| Class 1 – Entry-Level CASP | EUR 50,000 | Reception & transmission of orders, execution of orders, placing of crypto-assets, transfer services, crypto-asset advice, portfolio management |
| Class 2 – Intermediate CASP | EUR 125,000 | All Class 1 services plus custody and administration of crypto-assets, exchange of crypto-assets for funds or other crypto-assets |
| Class 3 – Advanced CASP | EUR 150,000 | All Class 2 services plus operation of a crypto-asset trading platform. |
Each service must be clearly declared and supported by appropriate governance, risk controls, and operational capacity.
Services Allowed under a German CASP License
Subject to the approved scope, a CASP licensed in Germany may provide:
- Custody and administration of crypto-assets, including control of cryptographic keys
- Crypto-to-fiat and crypto-to-crypto exchange services
- Operation of crypto-asset trading platforms
- Brokerage, order execution, and reception and transmission of orders
- Placing of crypto-assets
- Portfolio management and crypto-asset advisory services
- Cross-border provision of services across the EU via MiCA passporting
Overview of Requirements to Obtain a CASP License in Germany
Main requirements under MiCA (as applied in Germany):
- EU-incorporated legal entity with clear governance and accountability
- Minimum paid-up share capital based on CASP class, maintained on an ongoing basis
- Fit-and-proper management and qualifying shareholders (integrity, competence, financial soundness)
- Effective governance and internal control framework (risk, compliance, outsourcing oversight)
- AML framework aligned with EU AML directives and German AML law
- ICT security and operational resilience, including incident response and business continuity
- Safeguarding and segregation of client assets where custody or client holdings apply
- Documented organisational structure, processes, and internal monitoring mechanisms
Detailed Requirements for CASP Licensing in Germany
List of Required Documents
- CASP license application file and statutory declarations
- Programme of Operations (business plan) describing services, target clients, governance, and operational model
- Organisational structure, governance matrix, and role descriptions for key functions
- Fit & Proper dossiers for directors, senior managers, and qualifying shareholders
- AML documentation: risk assessment, policies and procedures, monitoring logic, escalation and reporting workflow
- ICT documentation: system architecture, cybersecurity controls, access management, logging, incident response, BCP/DR
- Client-asset safeguarding and segregation procedures (where applicable)
- Outsourcing register, due diligence on critical service providers, contracts and exit strategies
- Financial model, capital evidence, and proof of sustainable funding
Business Premises Requirements
- Registered head office within the EU (Germany commonly chosen for supervisory clarity)
- Real management and decision-making capacity consistent with MiCA governance expectations
- Secure record-keeping and documentation accessible for BaFin supervisory review
- Outsourced functions must remain fully controlled, auditable, and accountable to the licensed entity
- “Virtual-office-only” arrangements are generally insufficient for regulated CASP operations
Bank Account Requirements
- Operational bank account with an EU-regulated credit institution or payment institution
- Accounts must support capital injection, operating expenses, and settlement flows
- Where client funds or crypto-assets are involved, segregation and reconciliation mechanisms must be documented
- Clear mapping of fund flows (client → CASP → liquidity or settlement partners) included in the Programme of Operations
- Banking readiness is a practical gating factor; governance quality and AML clarity materially affect success
Personnel Requirements
- Management body with collective expertise in crypto, finance, risk, compliance, and governance
- AML function (MLRO/compliance lead) with sufficient seniority and independence
- Risk, compliance, and internal control functions proportionate to the scale and complexity of services
- IT and cybersecurity ownership clearly assigned (in-house or outsourced, with internal accountability)
Legal Services for Obtaining a CASP License in Germany
Foundational CASP Licensing Support
For startups and companies entering Germany under MiCA
- MiCA service scoping and CASP class / capital mapping
- Incorporation or alignment of a German legal entity
- Initial compliance gap analysis and baseline policy framework
- Programme of Operations structure and application pack design
- Preparation and submission of CASP license application to BaFin
- Procedural representation and regulator correspondence
Regulatory & Operational Build-Out
For full BaFin-ready authorisation and operational readiness
- Full policy suite: AML, governance, risk, outsourcing, safeguarding, ICT & incident management
- Fit & Proper files for management, key function holders, and qualifying shareholders
- Detailed Programme of Operations with transaction flows and control environment
- Banking readiness support and safeguarding logic
- Pre-filing QA and regulator engagement strategy
- Management of BaFin clarification rounds and remediation
Ready-to-Operate CASP Solution
For accelerated EU market entry (subject to availability)
- Pre-incorporated German entity structured for MiCA licensing
- CASP file in advanced preparation or near-submission stage
- Clean corporate history and documentation handover
- Ownership and control transfer support
- Transition support and first-cycle compliance setup
Eriks Fijalovs
Head of Blockchain and Crypto
Roadmap to CASP Authorisation in Germany
Eriks Fijalovs
Head of Blockchain and Crypto
Initial Scoping & MiCA Classification
We begin with a regulator-grade review of your business model and map each activity to MiCA CASP services. This determines the correct class, capital threshold, operational perimeter, and key obligations (custody vs exchange vs platform). The objective is to avoid mis-scoping that causes later rework and delays.
Corporate, Governance & Key Function Setup
Next, we structure the German entity and governance model: management responsibilities, internal control functions, and accountability lines. Fit-and-proper requirements are mapped early so key persons and qualifying shareholders can be documented coherently and consistently.
Programme of Operations & Operating Model Design
We convert your commercial plan into a MiCA-compliant narrative: client journeys, transaction flows, custody/safeguarding approach, revenue model, outsourcing dependencies, and operational controls. This becomes the “central story” the regulator assesses.
Controls, AML Governance & ICT Readiness
We build a practical control environment that is both supervisor-ready and operationally workable: onboarding, monitoring logic, escalation, record-keeping, and reporting governance. In parallel, ICT documentation is prepared (security controls, incident response, BCP/DR) so the technology posture can be evidenced during review.
Banking & Financial Evidence
We prepare the banking and funds-flow layer: operational accounts, settlement logic, safeguarding approach (where applicable), capital evidence, and financial projections. This reduces friction with banking partners and strengthens the application’s credibility.
Submission & BaFin Review Management
We submit the application and manage the review cycle: completeness checks, clarification rounds, document updates, and consistent regulator messaging. Fast, controlled responses are typically the biggest lever to keep timelines under control.
Authorisation, Registration & EU Passporting
After authorisation, we support operational go-live controls, internal reporting routines, and EU passporting notifications (where needed). We also help stabilise the compliance programme for the first supervisory cycle.
Detailed Timeline to Obtain a CASP License in Germany
1. Preparation & Structuring
Estimated Time Frame: 6-10 weeks
Service scoping, CASP class selection, governance structuring, key personnel mapping, and Programme of Operations outline. Parallel work begins on controls and ICT baseline.
2. Documentation & Application Pack Build
Estimated Time Frame: 6-10 weeks
Completion of policies, fit-and-proper dossiers, transaction flows, outsourcing register, safeguarding controls (where relevant), and financial evidence. Banking readiness documents and account strategy finalised.
3. Filing & Completeness Review
Estimated Time Frame: 1-3 weeks
Final QA, formatting, and submission. Early-stage checks may trigger requests for missing items; fast responses here prevent timeline slippage.
4. BaFin Assessment & Clarifications
Estimated Time Frame: ~6–8 months (indicative)
Substantive review of governance, resilience/ICT, safeguarding, outsourcing, and overall operational readiness. Expect multiple Q&A rounds; speed and consistency of responses materially impact total duration.
5. Decision & Go-Live Stabilisation
Estimated Time Frame: 4-8 weeks
Authorisation decision, completion of any conditions (if imposed), finalisation of internal reporting calendars, and readiness for first supervisory interactions.
Total indicative timeline: ~8–10 months from project start to operational readiness (complex custody/platform models may require longer).
Tips to reduce delays:
Submit harmonised documentation (Programme of Operations aligned with controls), keep key persons available for clarifications, and document funds-flow and banking logic early.
Advantages of a CASP Licence in Germany
01
EU-wide market access under MiCA
A German CASP licence enables EU passporting, allowing you to scale across Member States under one authorisation rather than rebuilding licensing projects country-by-country.
02
Stronger banking and enterprise acceptance
Germany’s supervisory reputation and BaFin oversight can materially improve credibility with banks, EMIs, institutional partners, and enterprise counterparties—especially for custody and exchange models that depend on stable financial infrastructure.
03
Clear rulebook applied on an EU-harmonised basis
MiCA provides a harmonised framework for services, capital, conduct, and client-asset protection. This reduces uncertainty and supports long-term product planning and investment decisions.
04
Built for institutional-grade infrastructure
Germany is a strong fit for custody, brokerage, exchanges, and trading platforms aiming for professional and institutional clients. The governance and resilience expectations—when implemented properly—become a competitive advantage in partnership negotiations.
05
Deep financial and compliance ecosystem
Germany offers a mature ecosystem of auditors, legal advisors, compliance vendors, technology providers, and financial institutions experienced with regulated models—practical support that matters after authorisation.
06
Operational resilience aligned with EU direction
MiCA’s operational expectations sit alongside broader EU resilience trends (e.g., DORA). Building your CASP to a high operational standard improves reliability, reduces incidents, and makes it easier to evidence readiness to partners and supervisors.
07
Lower cross-border friction on AML expectations
A strong AML governance baseline (EU AML framework + German implementation) helps reduce banking friction and supports stable cross-border relationships where counterparties demand robust controls and clear accountability.
08
Predictable supervisory anchor for EU scaling
Germany provides a clear supervisory anchor for EU growth: once the core model is authorised and stabilised, cross-border expansion becomes an operational rollout rather than repeated licensing reinvention.
Key Legal & Regulatory Resources
The core EU regulation governing CASP authorisation, minimum capital, governance, conduct of business, client-asset protection, and EU passporting rights.
BaFin’s official MiCA portal outlining German supervisory expectations, authorisation processes, timelines, and implementation guidance for CASPs.
Bundesbank overview explaining the scope, application date, and interaction of MiCA with Germany’s financial supervisory framework.
ESMA’s MiCA hub covering EU-level implementation, supervisory coordination, and technical standards relevant to CASPs.
Central EU access point for public registers, including MiCA-related registers of authorised CASPs and passporting notifications.
EU framework for ICT risk management, incident reporting, resilience testing, and oversight of critical ICT third-party providers for financial entities.
EU framework for ICT risk management, incident reporting, resilience testing, and oversight of critical ICT third-party providers for financial entities.
EU data protection regime governing the processing, storage, and transfer of personal data by CASPs and other regulated entities.
Germany’s national AML/CFT law implementing EU AML directives and setting obligations for customer due diligence, monitoring, and reporting.
BaFin’s practical supervisory guidance explaining how AML obligations under the GwG are expected to be applied in real-world operations.
Taxation of CASP Companies in Germany
Germany applies a standard corporate taxation model rather than a distributed-profit system. For CASPs operating from Germany, the most relevant tax considerations are corporate income tax, municipal trade tax, dividend taxation, payroll obligations, and VAT classification of crypto services.
1. Corporate Income Tax (CIT) and Solidarity Surcharge
Corporate Income Tax (CIT) and Solidarity Surcharge
Corporate profits are subject to 15% corporate income tax, plus a solidarity surcharge of 5.5% calculated on the corporate tax amount. This results in an effective federal burden of approximately 15.825%, before municipal trade tax.
2. Municipal Trade Tax (Gewerbesteuer)
Municipal Trade Tax (Gewerbesteuer)
In addition to corporate tax, German companies pay municipal trade tax. Rates vary by municipality and are based on a local multiplier. In practice, the combined effective corporate tax burden (CIT + solidarity surcharge + trade tax) often falls in the ~28–32% range, depending on location.
3. Dividends and Withholding Tax
Dividends and Withholding Tax
Dividend distributions are generally subject to German withholding tax, typically 25% plus solidarity surcharge, subject to reductions under double tax treaties or EU participation exemptions. Holding-company structuring and shareholder jurisdiction therefore materially affect net returns.
4. Payroll and Employment Taxes
Payroll and Employment Taxes
Employees working in Germany are subject to German wage tax withholding and social security contributions. For CASPs, careful structuring of management, compliance, and IT/security roles is important, as supervisory expectations often require clear local accountability for key functions.
5. VAT on CASP Activities
VAT on CASP Activities
VAT treatment depends on the nature of the service:
- Crypto-to-fiat exchange services are generally treated as VAT-exempt financial services, based on EU case law.
- Ancillary services (e.g. SaaS platform fees, technology or advisory services not directly linked to exempt exchange activity) may be VAT-able and require separate assessment.
6. Practical Note for Founders
Practical Note for Founders
From a founder’s perspective, Germany is not a low-tax jurisdiction, but it offers high regulatory credibility and stability. Many CASPs accept a higher headline tax burden in exchange for improved banking access, institutional partner acceptance, and long-term EU scalability under MiCA. In practice, founders often optimise taxation through group structuring (e.g. IP location, service companies, or holding structures) rather than attempting to minimise tax within the regulated German entity itself.
FAQ — CASP License in Germany (MiCA)
1. Who is the competent authority for CASP licensing in Germany?
BaFin (Federal Financial Supervisory Authority) is the competent authority responsible for authorisation and ongoing supervision of CASPs in Germany under MiCA.
2. Which regulation governs CASPs and crypto-asset services in Germany?
MiCA (Regulation (EU) 2023/1114) governs CASP authorisation and conduct across the EU, applied directly in Germany.
3. Is a separate national crypto licence required in Germany beyond MiCA?
Germany applies MiCA as directly applicable EU law and does not introduce a parallel national CASP licensing layer for MiCA services.
4. What minimum capital is required for a CASP licence?
Minimum initial capital depends on the services: typically EUR 50,000 / 125,000 / 150,000 under MiCA classes (entry / intermediate / advanced), depending on whether you offer custody, exchange, and/or operate a trading platform.
5. Do we need a German company and office?
MiCA requires an EU-established structure and real governance/operational capacity. Germany is commonly used for clarity with BaFin supervision. A real operational setup is expected; purely virtual presence is generally not sufficient for regulated operations.
6. Can foreign founders and shareholders apply?
Yes. Foreign ownership is permitted, but qualifying shareholders and key persons are subject to fit-and-proper assessment (integrity, competence, and financial soundness). The ownership chain must be transparent and defensible.
7. What are the key AML/CFT obligations for German CASPs?
CASPs must implement a risk-based AML programme including CDD/EDD, sanctions screening, transaction monitoring, SAR processes, record-keeping, and governance controls. German AML law (GwG) and BaFin guidance are key reference points.
8. Do CASPs need specific banking arrangements before authorisation?
In practice, you should be able to evidence an operational banking setup and clearly document customer and settlement flows. For custody or models involving client funds, you must demonstrate segregation/safeguarding logic and controls to support client asset protection.
9. Can a German CASP passport services across the EU?
Yes. Once authorised, a CASP can passport its approved services to other EU Member States under MiCA procedures (within scope), subject to notification processes and ongoing compliance.
10. How long does the licensing process take, realistically?
A well-prepared project commonly runs ~8–10 months from submission, depending on scope (custody/platform models are heavier) and the number of clarification rounds. Strong upfront alignment of Programme of Operations, AML/ICT documentation, and governance dossiers significantly reduces delays.
Each of our projects receives unique and tailored solutions in accordance with the initial objectives and vision of the shareholders.
May also interest you
