EU/EEA PassportingMiCA CASP authorisation

CASP Authorisation in Cyprus

Cyprus is a CySEC-supervised EU CASP route under MiCA for teams that understand regulated financial services, fintech operations and cross-border controls. It can support EU/EEA passporting planning, but it is not a low-substance shortcut.

Processing time
From 6 months
Service price
17 000 EUR
Required share capital
From 50 000 EUR
State fee
10,000 EUR
Annual supervision fee
From 10 000 EUR
Banking difficulty
Medium to high
RegulatorCyprus Securities and Exchange Commission (CySEC)

Confirm current CySEC MiCA application forms, fee schedule, transitional rules and supervisory expectations before using this page for client advice.

Regulatory status should be confirmed by local counsel before relying on this route.

What is Cyprus CASP authorisation?

Cyprus CASP authorisation is the CySEC-supervised route for crypto-asset service providers under MiCA. It is most relevant for teams that want an EU-regulated operating base and can evidence financial-services-grade governance, AML controls, custody arrangements, audit readiness and local substance.

CASP
Jurisdiction
Cyprus
Regulator
Cyprus Securities and Exchange Commission (CySEC)
Regime
CASP
Legal basis
Legal basis: MiCA CASP authorisation supervised by CySEC.

Country-specific regulatory statements should be checked against current regulator guidance before relying on this route.

CASP service scope in Cyprus

The Cyprus file should start with a precise MiCA service perimeter. Exchange, custody, brokerage, wallet, advisory, staking and payment-adjacent activity can each change the evidence expected for governance, safeguarding, AML, outsourcing and banking.

  • Exchange

    Conditional

    Exchange activity may require additional scope or separate licensing.

  • Custody

    Conditional

    Custody may require separate review or additional controls.

  • Brokerage

    Conditional

    Brokerage or OTC activity typically fits within scope.

  • Wallet provider

    Conditional

    Exchange activity may require additional scope or separate licensing.

  • EU market

    Included

    EU/EEA passporting available.

  • Startups

    Excluded

    High setup complexity means significant budget is needed.

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

EU/EEA passporting from Cyprus

Cyprus can support EU/EEA passporting planning under MiCA, but passporting should be tied to the authorised services, target countries and notification process. It is not automatic access for every future product, token or client segment.

  • Map each target EU/EEA market to the exact CASP services requested in Cyprus.

  • Define client categories, marketing channels and cross-border responsibilities before filing.

  • Use Turkey as a non-EU local-market contrast, not as a substitute for EU/EEA passporting.

Country-specific regulatory statements should be checked against current regulator guidance before relying on this route.

Capital, governance and audit expectations

The CSV snapshot positions Cyprus as a high-complexity route with share capital from 50,000 EUR, a 10,000 EUR state fee, annual supervision fee from 10000 EUR, required local staff, physical office and audit. The real cost is the ongoing regulated operating model.

  • Board, senior management, compliance, AML, risk, technology and custody ownership should be named and credible.high
  • Capital planning should match the service scope, especially for exchange, custody, staking or fiat-heavy operations.high
  • Audit, reporting, outsourcing oversight, safeguarding and incident-management workflows should be budgeted as recurring obligations.high

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

Cyprus CASP application bottlenecks

Most Cyprus CASP blockers are operating-model issues. The application is easier to defend when service scope, local substance, governance, AML, custody, audit and banking are solved before the timeline is sold to stakeholders.

  • Unclear CASP service perimeter or EU/EEA passporting plan

    High

  • Local office or staffing model that does not support real Cyprus substance

    High

  • Weak custody, safeguarding, wallet or technology-control evidence

    High

  • Generic AML policies that do not match clients, tokens, geography and fiat flows

    High

  • Banking, EMI, PI or PSP package prepared too late

    High

  • Route selection driven by a low-budget or fast offshore objective rather than CySEC-supervised EU CASP operations

    High

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

Activity fit for this route

Review which crypto activities fit within the scope of this route.

Exchange
Conditional

Exchange activity may require additional scope or separate licensing.

Custody
Conditional

Custody may require separate review or additional controls.

Brokerage
Conditional

Brokerage or OTC activity typically fits within scope.

Wallet provider
Conditional

Exchange activity may require additional scope or separate licensing.

EU market
Suitable

EU/EEA passporting available.

Startups
Not suitable

High setup complexity means significant budget is needed.

Not sure if your model fits? Request a licensing assessment

Is Cyprus CASP authorisation right for your project?

Best for

  • EU passporting and regulated CASP operations
  • EU/EEA market access

Not suitable for

  • Low-budget or fast offshore setup
  • Projects without a prepared banking strategy

Banking difficulty is high for this route. Prepare a banking strategy before committing to the Cyprus route.

Core requirements

Use this section to check the main regulatory and operational requirements before committing to a jurisdiction.

Required share capitalFrom 50 000 EUR
Required
Local staffRequired
Required
Physical officeRequired
Required
AuditRequired
Required

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

Local substance in Cyprus

Local staff and physical office should be treated as operating requirements. A nominal Cyprus address is not enough if key decisions, compliance ownership, custody oversight and regulator-facing accountability sit elsewhere without a defensible control model.

Local staff

Required

Required

At least one locally-accountable staff member or director is expected.

Physical office

Required

Required

A genuine office presence is expected, not a nominal registered address.

Audit

Required

Required

External audit is required for ongoing supervision compliance.

Planning notes

  • Define which governance, AML, risk and operational responsibilities sit in Cyprus.
  • Document group outsourcing, technology providers, custody infrastructure and board oversight before filing.
  • Budget local staff, office, audit and ongoing compliance separately from application advisory fees.

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

Cost breakdown

Budget for service price, regulatory fees, share capital and ongoing costs separately.

Service price (professional fees)Application preparation and professional services.
17 000 EUR EURFixed
State fee
10,000 EURFrom
Annual supervision feeRecurring annual cost after authorisation.
From 10 000 EURFrom
Required share capitalMust be held, not an expenditure.
From 50 000 EURFrom
High ongoing cost

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

Cost breakdown — Cyprus

Budget for service price, regulatory fees, share capital and ongoing costs separately.

Cost itemAmount
Service priceApplication preparation and professional services.€17,000
State fee€10,000
Required share capitalMust be held, not an expenditure.€50,000

Summary

One-off costs
€77,000
Annual (year 1)
€0
Total year 1
€77,000

Adjust to convert to your base currency.

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

Application process

The sequence below shows the usual project flow. Exact steps depend on the regulator, business model and application scope. Cyprus — From 6 months.

Total timelineFrom 6 months

  1. Pre-assessment and scope review

    1–3 weeks

    Define the activity scope, governance model and target markets before formal preparation.

  2. Company setup in Cyprus

    2–6 weeks

    Establish legal entity, appoint local staff and set up local operating structure.

  3. Documentation and compliance packBottleneck risk

    3–8 weeks

    Prepare AML/CFT policies, governance documents, controls framework and application materials.

  4. Application submission to Cyprus Securities and Exchange Commission

    1–2 weeks

    Submit complete application with all required documentation.

  5. Regulator reviewBottleneck risk

    From 6 months

    Regulator reviews the application. May request clarifications. Incomplete files extend this phase.

    Depends on: File quality and completeness

  6. Authorisation or registration confirmation

    1–4 weeks

    Regulator confirms authorisation or registration. Commence operations.

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

What can delay or increase cost

These factors are most likely to affect timelines and budgets for this route.

High setup complexity
High

Setup complexity is rated high for Cyprus. Company setup, governance and documentation take longer than average.

Likely impactAdd 4–8 weeks to the preparation phase.
MitigationStart company setup and governance planning immediately after scope confirmation.
Banking difficulty
High

Banking difficulty is rated high. Opening accounts for crypto businesses in Cyprus requires extensive documentation.

Likely impactBanking can delay or block operations for 3–6 months after authorisation.
MitigationIdentify and pre-qualify banking partners before submitting the application.
High maintenance cost
Medium

Ongoing supervision, audit and compliance costs are above average. Budget for these separately from the application fee.

Likely impactRecurring annual cost significantly above the one-time service price.
MitigationModel annual compliance costs before committing to this route.
Application completeness
Medium

Incomplete files are the most common cause of delay. Regulator queries extend review by weeks or months.

Likely impactEach regulator query adds 2–6 weeks to the review phase.
MitigationUse a structured compliance pack. Review file completeness before submission.

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

Banking and PSP strategy

Cyprus has a strong regulated-finance profile, but crypto banking difficulty remains medium to high. Bank, EMI, PI and PSP readiness should run in parallel with the CASP application, especially where the model includes custody, exchange, fiat rails or high-risk client geographies.

Banking difficulty
High

Reflects how challenging it is to open and maintain business bank accounts in this jurisdiction.

Medium PSP availability
Medium

Reflects availability of payment service providers willing to onboard crypto-licensed entities.

A licence or registration does not guarantee bank account or payment provider approval. Banking feasibility should be reviewed before the application strategy is finalized.

Preparation checklist

  • Prepare ownership, source-of-funds, flow-of-funds, client geography, token policy and transaction monitoring evidence.
  • Explain safeguarding, custody and reconciliation arrangements before approaching banks, EMIs, PIs or PSPs.
  • Do not assume CySEC authorisation will automatically solve account opening or payment rail access.

Business model fit — Cyprus

Assess how well this route covers your planned activities.

Fit score

Good fit
0/6
Partial fit
6/6
Poor fit
0/6

Cyprus may not cover your primary activities

Consider an alternative route that better matches your activity profile.

CySEC application profile

Regulatory authority · Cyprus

Cyprus Securities and Exchange Commission (CySEC)

CySEC supervision is familiar to teams with investment services, payments, fintech or regulated brokerage backgrounds. A strong Cyprus CASP file should look like a financial services application, not a template crypto registration pack.

Official regulator website
Likely areas of scrutiny
  • Cyprus is strongest for teams that can combine EU market access planning with real local governance and compliance substance.
  • Custody, exchange and cross-border fiat flows need stronger evidence than narrow brokerage or advisory models.
  • AML, sanctions, travel rule, transaction monitoring, outsourcing, cybersecurity and complaints handling should be product-specific.
  • Current CySEC guidance and MiCA implementation updates should be checked before relying on exact filing assumptions.
Regulatory reputation
High

Strong international recognition and established supervision track record.

Setup complexity
High

Reflects documentation depth, governance requirements and expected review friction.

Regulatory risk
Medium

Reflects likelihood of delays, additional information requests or policy uncertainty.

Country-specific regulatory statements should be checked against current regulator guidance before relying on this route.

Compliance documentation

Most crypto licensing routes require a documented compliance framework before submission, not only after approval.

  • Required
    AML/CFT policy and risk assessmentDocument your customer risk model and control framework.
  • Required
    Customer due diligence (CDD) procedures
  • Required
    Enhanced due diligence (EDD) proceduresFor high-risk clients and jurisdictions.
  • Required
    Transaction monitoring system and rules
  • Required
    Sanctions screening procedures
  • Required
    Suspicious activity reporting (SAR) process
  • Required
    MLRO / Compliance officer appointmentLocal accountability may be required.
  • Recommended
    Board-approved governance charter
  • Conditional
    Outsourcing policy and monitoringRequired if functions are outsourced.
  • Recommended
    ICT / cybersecurity policy
  • Required
    Complaints handling procedure
  • Required
    Annual external audit engagementRequired for ongoing supervision compliance.

Country-specific regulatory statements should be checked against current regulator guidance before relying on this route.

Documents to prepare

Preparing these materials before filing reduces regulator questions and helps with banking or payment provider onboarding.

0 / 12 required
Required
Recommended
Depends on scope

Corporate documents

AML and compliance

Operational

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

Risk assessment

Main risk dimensions for the Cyprus route.

Banking difficulty
High

Route risk rating — banking difficulty: Medium to high. Authorisation does not guarantee bank account opening.

Mitigation: Start banking outreach and compliance preparation before the application.

Setup complexity
High

Route risk rating — setup complexity: High.

Maintenance cost
High

Route risk rating — maintenance cost: High. Budget for ongoing compliance, fees and supervision separately.

Regulatory reputation
High

Route risk rating — regulatory reputation: High.

Regulatory risk
Medium

Route risk rating — regulatory risk: Low to medium. Weak compliance, vague scope or insufficient controls increase review risk.

Mitigation: Prepare an evidence-based compliance file before submission.

This content is for general orientation only. Crypto regulation changes quickly and the final scope should be confirmed through a jurisdiction-specific legal review before filing or incorporation.

Cyprus CASP vs alternatives

Compare Cyprus with Malta CASP for another established EU/MiCA route, Greece CASP for a Mediterranean EU comparison, Lithuania CASP for a Baltic/EU supervisory profile, and Turkey CASP as a non-EU local-market contrast with no EU/EEA passporting.

Current

Cyprus

CASP

Price
17 000 EUR
Timeline
From 6 months
Passporting
EU/EEA
Banking
Medium to high
Reputation
High

Malta (CASP)

CASP

Price
20 700 EUR
Timeline
From 6 months
Passporting
EU/EEA
Banking
Medium to high
Reputation
High

+ Established EU/MiCA CASP route with MFSA supervision

Also demanding on local substance, governance, audit and ongoing controls

View route

Greece (CASP)

CASP

Passporting
EU/EEA
Banking
Medium to high
Reputation
High

+ EU/Mediterranean comparison point for MiCA passporting planning

Route suitability depends on local substance, regulator expectations and banking

View route

Lithuania (CASP)

CASP

Price
17 300 EUR
Timeline
From 6 months
Passporting
EU/EEA
Banking
Medium to high
Reputation
High

+ Baltic/EU route with Bank of Lithuania supervision

Not a lighter option if the business lacks MiCA-level governance and controls

View route

Turkey (CASP)

CASP

Price
52 800 EUR
Timeline
From 3 months
Passporting
No passporting
Banking
High
Reputation
Medium

+ Local-market route for Turkey-facing crypto operations

No EU/EEA passporting and a materially different regulatory perimeter

View route

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

Cyprus vs other CASP routes

Compare key parameters across CASP authorisation routes.

Sort by:
CyprusCurrent
Price17 000 EUR
TimelineFrom 6 months
BankingMedium to high
ReputationHigh
Malta
Price20 700 EUR
TimelineFrom 6 months
BankingMedium to high
ReputationHigh
Lithuania
Price17 300 EUR
TimelineFrom 6 months
BankingMedium to high
ReputationHigh
Turkey
Price52 800 EUR
TimelineFrom 3 months
BankingHigh
ReputationMedium

Check your readiness for Cyprus CASP authorisation

Documented AML/CFT policies, risk assessment, compliance officer.

Share capital

From 50 000 EUR minimum capital required.

AML/CFT framework

Documented AML/CFT policies, risk assessment, compliance officer.

Governance structure

Board, management, accountability chain defined.

Banking preparation

Banking strategy and identified partners.

Local substance plan

Local staff and office in Cyprus.

Readiness status

Answer the criteria on the left to see your readiness status.

Frequently asked questions

Cyprus CASP authorisation under MiCA can support EU/EEA passporting for authorised services, subject to the required notification process. It should not be described as automatic access for every future product, token, client segment or market.

Cyprus is best suited for teams with fintech, investment-services, brokerage, payments or other regulated-finance familiarity that need a CySEC-supervised EU CASP route and can support governance, AML, custody, audit and banking requirements.

Usually no. The route requires local staff, physical office, audit, capital, compliance ownership and ongoing controls, so it is not suitable for a fast offshore setup or a low-substance structure.

The main risk is assuming that authorisation alone will unlock bank or payment provider access. Banks, EMIs, PIs and PSPs will still review ownership, flows, client geography, token policy, AML controls, custody and safeguarding arrangements.

Cyprus is an EU/MiCA route supervised by CySEC and can support EU/EEA passporting planning for authorised services. Turkey is a non-EU local-market CASP route and should not be used as a substitute for EU market access.

The page is not legal advice and should not be relied on as a substitute for advice from qualified counsel in the relevant jurisdiction.

Your dedicated specialists

  • Enrico Kärvinen

    Enrico

  • Rein Tammik

    Rein

  • Jurata Žukaitė

    Jurata

  • Andrej Kazlauskas

    Andrej

  • Marta Värna

    Marta

  • Katrin Lepik

    Katrin

  • Inga Stankavičiūtė

    Inga

Request a Cyprus CASP assessment

Share your planned activities, target markets and timeline. We will review which crypto licensing route is likely to fit.

Leave open if you want a country comparison.
Select every activity you plan to offer. The licence route may change if you include custody, exchange, trading platform or fiat flows.
Include service fees, regulator fees, share capital, local office or staff, audit and ongoing compliance.

By submitting this form, you agree to be contacted about your crypto licensing request. Do not include passwords, private keys or confidential customer data.