EU/EEA PassportingMiCA CASP authorisation

CASP Authorisation in Estonia

Estonia can be attractive for digital-business teams seeking an EU MiCA CASP route, but it should no longer be treated as a lightweight crypto setup. Strong substance, governance, AML, audit, banking and MiCA-readiness are central to the file.

Processing time
From 6 months
Service price
18 400 EUR
Required share capital
From 50 000 EUR
State fee
10 000 EUR
Annual supervision fee
10 000 EUR
Banking difficulty
Medium to high
RegulatorEstonian Financial Supervision Authority (FIU)

Confirm the current Estonian MiCA/CASP supervisory authority, FIU references, application forms and fee schedule before using this page for client advice.

Regulatory status should be confirmed by local counsel before relying on this route.

What is Estonia CASP authorisation?

Estonia CASP authorisation is an EU/MiCA route for crypto-asset service providers that want a regulated operating base and potential EU/EEA market access. Estonia's digital-business reputation is useful, but the application should be treated as a full regulatory file rather than a light registration.

CASP
Jurisdiction
Estonia
Regulator
Estonian Financial Supervision Authority (FIU)
Regime
CASP
Legal basis
Legal basis: MiCA CASP authorisation through the Estonian supervisory framework.

Country-specific regulatory statements should be checked against current regulator guidance before relying on this route.

CASP service scope in Estonia

The Estonia file should begin with a precise activity map. Exchange, custody, brokerage, wallet, advisory, staking or payment-adjacent services can create different evidence requirements for governance, safeguarding, AML and technology controls.

  • Exchange

    Conditional

    Exchange activity may require additional scope or separate licensing.

  • Custody

    Conditional

    Custody may require separate review or additional controls.

  • Brokerage

    Conditional

    Brokerage or OTC activity typically fits within scope.

  • Wallet provider

    Conditional

    Exchange activity may require additional scope or separate licensing.

  • EU market

    Included

    EU/EEA passporting available.

  • Startups

    Excluded

    High setup complexity means significant budget is needed.

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

EU/EEA passporting from Estonia

Estonia is relevant for teams that need an EU MiCA CASP route and potential EU/EEA passporting. Passporting should be framed around approved services, target markets and notification steps, not as automatic market access for every future product.

  • Define target EU/EEA countries, client types and services before submission.

  • Map passporting plans to each requested CASP permission and operational capability.

  • Keep the Estonia authorisation strategy separate from non-EU CASP routes such as Turkey.

Country-specific regulatory statements should be checked against current regulator guidance before relying on this route.

Capital, governance and audit expectations

The CSV snapshot indicates share capital from 50,000 EUR, state fee of 10,000 EUR, annual supervision fee of 10,000 EUR, local staff, physical office and audit. Estonia may be efficient for digital operations, but the ongoing burden is still material.

  • Board, senior management, compliance, AML and technology ownership should be named and credible.high
  • Capital planning should match the requested activity scope and operating risks.high
  • Audit, outsourcing, reporting and incident-management workflows should be budgeted as recurring obligations.high

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

Estonia CASP application bottlenecks

The most common blockers are operating-model issues: vague scope, thin substance, weak AML controls, incomplete banking readiness or a budget based on the old idea that Estonia is a quick crypto setup.

  • Unclear CASP service perimeter or EU/EEA passporting plan

    High

  • Nominal local presence without accountable management

    High

  • Weak custody, safeguarding, wallet or technology-control evidence

    High

  • Generic AML policies that do not match tokens, client geography and fiat flows

    High

  • Banking or PSP package prepared too late

    High

  • Route selection driven by a low-budget or fast offshore objective

    High

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

Activity fit for this route

Review which crypto activities fit within the scope of this route.

Exchange
Conditional

Exchange activity may require additional scope or separate licensing.

Custody
Conditional

Custody may require separate review or additional controls.

Brokerage
Conditional

Brokerage or OTC activity typically fits within scope.

Wallet provider
Conditional

Exchange activity may require additional scope or separate licensing.

EU market
Suitable

EU/EEA passporting available.

Startups
Not suitable

High setup complexity means significant budget is needed.

Not sure if your model fits? Request a licensing assessment

Is Estonia CASP authorisation right for your project?

Best for

  • EU passporting and regulated CASP operations
  • EU/EEA market access

Not suitable for

  • Low-budget or fast offshore setup
  • Projects without a prepared banking strategy

Banking difficulty is high for this route. Prepare a banking strategy before committing to the Estonia route.

Core requirements

Use this section to check the main regulatory and operational requirements before committing to a jurisdiction.

Required share capitalFrom 50 000 EUR
Required
Local staffRequired
Required
Physical officeRequired
Required
AuditRequired
Required

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

Local substance in Estonia

Local staff and a physical office should be treated as operating requirements, not cosmetic items. Estonia is digital-business friendly, but the CASP model still needs accountable local management and a defensible outsourcing structure.

Local staff

Required

Required

At least one locally-accountable staff member or director is expected.

Physical office

Required

Required

A genuine office presence is expected, not a nominal registered address.

Audit

Required

Required

External audit is required for ongoing supervision compliance.

Planning notes

  • Plan local compliance ownership and regulator-facing accountability before filing.
  • Document what is managed in Estonia and what is outsourced to group or technology providers.
  • Budget staff, office, audit and ongoing compliance separately from application advisory fees.

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

Cost breakdown

Budget for service price, regulatory fees, share capital and ongoing costs separately.

Service price (professional fees)Application preparation and professional services.
18 400 EUR EURFixed
State fee
10 000 EURFrom
Annual supervision feeRecurring annual cost after authorisation.
10 000 EURFrom
Required share capitalMust be held, not an expenditure.
From 50 000 EURFrom
High ongoing cost

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

Cost breakdown — Estonia

Budget for service price, regulatory fees, share capital and ongoing costs separately.

Cost itemAmount
Service priceApplication preparation and professional services.€18,400
State fee€10,000
Required share capitalMust be held, not an expenditure.€50,000

Summary

One-off costs
€78,400
Annual (year 1)
€0
Total year 1
€78,400

Adjust to convert to your base currency.

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

Application process

The sequence below shows the usual project flow. Exact steps depend on the regulator, business model and application scope. Estonia — From 6 months.

Total timelineFrom 6 months

  1. Pre-assessment and scope review

    1–3 weeks

    Define the activity scope, governance model and target markets before formal preparation.

  2. Company setup in Estonia

    2–6 weeks

    Establish legal entity, appoint local staff and set up local operating structure.

  3. Documentation and compliance packBottleneck risk

    3–8 weeks

    Prepare AML/CFT policies, governance documents, controls framework and application materials.

  4. Application submission to Estonian Financial Supervision Authority

    1–2 weeks

    Submit complete application with all required documentation.

  5. Regulator reviewBottleneck risk

    From 6 months

    Regulator reviews the application. May request clarifications. Incomplete files extend this phase.

    Depends on: File quality and completeness

  6. Authorisation or registration confirmation

    1–4 weeks

    Regulator confirms authorisation or registration. Commence operations.

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

What can delay or increase cost

These factors are most likely to affect timelines and budgets for this route.

High setup complexity
High

Setup complexity is rated high for Estonia. Company setup, governance and documentation take longer than average.

Likely impactAdd 4–8 weeks to the preparation phase.
MitigationStart company setup and governance planning immediately after scope confirmation.
Banking difficulty
High

Banking difficulty is rated high. Opening accounts for crypto businesses in Estonia requires extensive documentation.

Likely impactBanking can delay or block operations for 3–6 months after authorisation.
MitigationIdentify and pre-qualify banking partners before submitting the application.
High maintenance cost
Medium

Ongoing supervision, audit and compliance costs are above average. Budget for these separately from the application fee.

Likely impactRecurring annual cost significantly above the one-time service price.
MitigationModel annual compliance costs before committing to this route.
Application completeness
Medium

Incomplete files are the most common cause of delay. Regulator queries extend review by weeks or months.

Likely impactEach regulator query adds 2–6 weeks to the review phase.
MitigationUse a structured compliance pack. Review file completeness before submission.

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

Banking and PSP strategy in Estonia

Banking difficulty is medium to high and should be handled before the application becomes a timeline exercise. A credible bank or PSP package is especially important for exchange, custody and fiat-heavy models.

Banking difficulty
High

Reflects how challenging it is to open and maintain business bank accounts in this jurisdiction.

Medium PSP availability
Medium

Reflects availability of payment service providers willing to onboard crypto-licensed entities.

A licence or registration does not guarantee bank account or payment provider approval. Banking feasibility should be reviewed before the application strategy is finalized.

Preparation checklist

  • Prepare flow-of-funds diagrams, client geography, token policy and transaction monitoring evidence.
  • Explain fiat rails, safeguarding and settlement flows before approaching banks or PSPs.
  • Do not assume Estonian authorisation or digital-business reputation will automatically solve account opening.

Business model fit — Estonia

Assess how well this route covers your planned activities.

Fit score

Good fit
0/6
Partial fit
6/6
Poor fit
0/6

Estonia may not cover your primary activities

Consider an alternative route that better matches your activity profile.

Estonian application profile

Regulatory authority · Estonia

Estonian Financial Supervision Authority (FIU)

An Estonia CASP file should read like a regulated financial services application: clear services, accountable management, local substance, AML controls, safeguarding, technology governance and a realistic banking plan. Template policies or nominal local presence create avoidable review risk.

Likely areas of scrutiny
  • Estonia is strongest for teams that value EU reputation and can evidence real local governance.
  • Custody, exchange and cross-border fiat flows need a stronger control file than narrow brokerage models.
  • AML, sanctions, travel rule, transaction monitoring, outsourcing and cybersecurity evidence should match the product.
  • The CSV regulator label should be legally reviewed before final client-facing use.
Regulatory reputation
High

Strong international recognition and established supervision track record.

Setup complexity
High

Reflects documentation depth, governance requirements and expected review friction.

Regulatory risk
Medium

Reflects likelihood of delays, additional information requests or policy uncertainty.

Country-specific regulatory statements should be checked against current regulator guidance before relying on this route.

Compliance documentation

Most crypto licensing routes require a documented compliance framework before submission, not only after approval.

  • Required
    AML/CFT policy and risk assessmentDocument your customer risk model and control framework.
  • Required
    Customer due diligence (CDD) procedures
  • Required
    Enhanced due diligence (EDD) proceduresFor high-risk clients and jurisdictions.
  • Required
    Transaction monitoring system and rules
  • Required
    Sanctions screening procedures
  • Required
    Suspicious activity reporting (SAR) process
  • Required
    MLRO / Compliance officer appointmentLocal accountability may be required.
  • Recommended
    Board-approved governance charter
  • Conditional
    Outsourcing policy and monitoringRequired if functions are outsourced.
  • Recommended
    ICT / cybersecurity policy
  • Required
    Complaints handling procedure
  • Required
    Annual external audit engagementRequired for ongoing supervision compliance.

Country-specific regulatory statements should be checked against current regulator guidance before relying on this route.

Documents to prepare

Preparing these materials before filing reduces regulator questions and helps with banking or payment provider onboarding.

0 / 12 required
Required
Recommended
Depends on scope

Corporate documents

AML and compliance

Operational

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

Risk assessment

Main risk dimensions for the Estonia route.

Banking difficulty
High

Route risk rating — banking difficulty: Medium to high. Authorisation does not guarantee bank account opening.

Mitigation: Start banking outreach and compliance preparation before the application.

Setup complexity
High

Route risk rating — setup complexity: Medium to high.

Maintenance cost
High

Route risk rating — maintenance cost: High. Budget for ongoing compliance, fees and supervision separately.

Regulatory reputation
High

Route risk rating — regulatory reputation: High.

Regulatory risk
Medium

Route risk rating — regulatory risk: Low to medium. Weak compliance, vague scope or insufficient controls increase review risk.

Mitigation: Prepare an evidence-based compliance file before submission.

This content is for general orientation only. Crypto regulation changes quickly and the final scope should be confirmed through a jurisdiction-specific legal review before filing or incorporation.

Estonia CASP vs alternatives

Compare Estonia with Lithuania CASP and Latvia CASP for Baltic EU/MiCA positioning, Malta CASP for an established MFSA-facing EU route, and Turkey CASP when the commercial driver is Turkey local-market access rather than EU/EEA passporting.

Current

Estonia

CASP

Price
18 400 EUR
Timeline
From 6 months
Passporting
EU/EEA
Banking
Medium to high
Reputation
High

Lithuania (CASP)

CASP

Passporting
EU/EEA
Banking
Medium to high
Reputation
High

+ Baltic EU/MiCA comparison route for CASP passporting plans

Not a substitute for Estonia-specific substance and regulator review

View route

Latvia (CASP)

CASP

Passporting
EU/EEA
Banking
Medium to high
Reputation
High

+ Alternative Baltic EU/MiCA route for regulated CASP operations

Requires separate assessment of local substance, fees and supervisor expectations

View route

Malta (CASP)

CASP

Price
20 700 EUR
Timeline
From 6 months
Passporting
EU/EEA
Banking
Medium to high
Reputation
High

+ Established EU/MiCA CASP route with MFSA-facing regulatory profile

Usually heavier and not a low-cost route

View route

Turkey (CASP)

CASP

Price
52 800 EUR
Timeline
From 3 months
Passporting
No passporting
Banking
High
Reputation
Medium

+ Local-market CASP route for Turkey-facing operations

No EU/EEA passporting and a materially different regulatory perimeter

View route

Fees, timelines and capital figures are indicative and may vary by business model, regulator feedback, application scope and third-party costs.

Estonia vs other CASP routes

Compare key parameters across CASP authorisation routes.

Sort by:
EstoniaCurrent
Price18 400 EUR
TimelineFrom 6 months
BankingMedium to high
ReputationHigh
Malta
Price20 700 EUR
TimelineFrom 6 months
BankingMedium to high
ReputationHigh
Turkey
Price52 800 EUR
TimelineFrom 3 months
BankingHigh
ReputationMedium

Check your readiness for Estonia CASP authorisation

Documented AML/CFT policies, risk assessment, compliance officer.

Share capital

From 50 000 EUR minimum capital required.

AML/CFT framework

Documented AML/CFT policies, risk assessment, compliance officer.

Governance structure

Board, management, accountability chain defined.

Banking preparation

Banking strategy and identified partners.

Local substance plan

Local staff and office in Estonia.

Readiness status

Answer the criteria on the left to see your readiness status.

Frequently asked questions

Estonia CASP authorisation under MiCA can support EU/EEA passporting for approved services, subject to the required notification process. It should not be presented as automatic access for every future product or activity.

No. Estonia may remain attractive for digital-business teams, but MiCA-era CASP authorisation requires substance, governance, AML controls, audit, capital planning and banking readiness.

Plan for local staff, a physical office, accountable management, compliance and AML ownership, audit, outsourcing controls and product-specific technology and safeguarding procedures.

The CSV profile is medium to high. Banking and PSP discussions should be prepared alongside the authorisation strategy with clear ownership, flow-of-funds, client geography, token policy and transaction monitoring evidence.

Compare Estonia with Lithuania, Latvia and Malta when EU/MiCA passporting is the commercial driver. Compare Turkey only when the project needs Turkey local-market access, because Turkey CASP does not provide EU/EEA passporting.

The page is not legal advice and should not be relied on as a substitute for advice from qualified counsel in the relevant jurisdiction.

Your dedicated specialists

  • Enrico Kärvinen

    Enrico

  • Rein Tammik

    Rein

  • Jurata Žukaitė

    Jurata

  • Andrej Kazlauskas

    Andrej

  • Marta Värna

    Marta

  • Katrin Lepik

    Katrin

  • Inga Stankavičiūtė

    Inga

Request a Estonia CASP assessment

Share your planned activities, target markets and timeline. We will review which crypto licensing route is likely to fit.

Leave open if you want a country comparison.
Select every activity you plan to offer. The licence route may change if you include custody, exchange, trading platform or fiat flows.
Include service fees, regulator fees, share capital, local office or staff, audit and ongoing compliance.

By submitting this form, you agree to be contacted about your crypto licensing request. Do not include passwords, private keys or confidential customer data.