Cyprus
MiCA Snapshot
MiCA is already operational in Cyprus: the rules for asset‑referenced tokens and e‑money tokens have applied since 30 June 2024, while the full licensing and conduct regime for crypto‑asset service providers took effect on 30 December 2024. The Cyprus Securities and Exchange Commission (CySEC) supervises all non‑bank crypto activity, whereas the Central Bank of Cyprus (CBC) oversees e‑money tokens and bank‑issued stablecoins. CySEC has closed its former national CASP register and invoked MiCA’s maximum 18‑month grace period, so firms that were already registered before 30 December 2024 may keep operating until 1 July 2026 while they secure a MiCA licence.
Cyprus has opted for a split‑mandate model that mirrors the financial‑sector divide between securities and banking:
-
Cyprus Securities and Exchange Commission (CySEC) is the competent authority for all “securities‑style” functions — i.e. issuers of ARTs that are not banks, all other crypto‑asset issuers, and the authorisation and ongoing supervision of CASPs.
-
Central Bank of Cyprus (CBC) is responsible for EMTs (because they are treated as electronic money) and for ARTs issued by credit institutions.
This allocation appears in the list of national authorities that every Member State has filed with ESMA under Article 93 MiCA.
-
CySEC’s public guidance breaks MiCA’s scope into four activity buckets: (i) initial offerings and admissions to trading of crypto‑assets; (ii) nine distinct crypto‑asset services such as custody, exchange, portfolio management and advice; (iii) issuance and ongoing obligations for ART and EMT issuers; and (iv) a market‑abuse regime modelled on MAR/MAD. The Commission underlines that supervision of EMT issuers is ceded to the CBC, while everything else sits with CySEC.
Cyprus is making full use of MiCA’s optional grace period. Under Article 143(3), a CASP that was already active “in accordance with applicable law” before 30 December 2024 may keep operating until 1 July 2026 or until its MiCA licence is granted or refused, whichever is earlier. CySEC confirmed the approach in an announcement on 17 October 2024 and at the same time closed its national AML‑based CASP register to new applicants and to new inbound notifications from other EEA supervisors.
In practical terms this means:
-
Firms that made it onto the CySEC CASP Register before the cut‑off enjoy a maximum 18‑month runway.
-
New entrants must now apply directly under MiCA once CySEC publishes its application packs (see next section).
-
Authorisation windows. CySEC has not yet opened the formal MiCA licensing portal because the EU technical standards (RTS/ITS) are still being finalised; however, it encourages “pre‑filings” so dossiers can be fast‑tracked once the forms are final.
Capital and governance uplifts. Existing registered CASPs should already be working towards MiCA’s higher own‑funds thresholds (€50 000–€150 000 depending on the service mix), enhanced safeguarding of client assets and the two‑person management‑body requirement.
ICT resilience. Because Cyprus is a popular base for retail‑facing fintech, CySEC has started referencing the EU Digital Operational Resilience Act (DORA) in its supervisory correspondence; firms are expected to align their cyber‑risk frameworks with both DORA and MiCA well before the 2026 deadline.
The national framework that currently governs CASPs — essentially the CASP Registration Directive issued under Cyprus’s AML/CFT Law — remains in place solely to support grandfathered firms during the transition. CySEC has stated that the AML controls in that directive (travel rule, beneficiary verification, etc.) will be folded into its MiCA supervisory reviews rather than discarded.
Summer–Autumn 2025: final RTS/ITS from the European Commission and ESMA; CySEC and the CBC will release official application templates almost immediately afterwards.
Early 2026: first MiCA licences in Cyprus are likely to be granted, giving the successful firms an EU‑wide passport for crypto‑asset services.
1 July 2026: end of the transitional period — any CASP still operating without a MiCA authorisation will have to cease business.
Behind Licentium
Our Edge
Licentium is a specialized platform that connects crypto-asset issuers and service providers with an international network of lawyers, regulatory consultants, and former supervisors. Projects can map applicable rules in key jurisdictions through a single interface, obtain jurisdiction-specific launch advice, arrange the drafting of white papers and licensing applications, and schedule ongoing compliance health-checks. The platform’s curated expert pool spans financial services, data protection, and corporate law, enabling founders to address cross-border requirements—from MiCA in the EU to securities, AML, and consumer-protection regimes elsewhere—within coherent project timelines and budgets.
