Licentium

Licensing Hub

Estonia

Full MiCA jurisdiction under the Estonian Market in Crypto-Assets Act. Finantsinspektsioon licenses CASPs, and the former FIU VASP regime is transitional only.

Available licences

Finantsinspektsioon MiCA Crypto-Asset Service Provider Authorisation

Finantsinspektsioon authorisation under MiCA Article 63 for CASPs using Estonia as home Member State. Applicant must be an Estonian private limited or public limited company with registered office in Estonia, effective management in the EU and at least one EU-resident director. Management board of at least two members required; private limited companies generally require a three-member supervisory board (exempt if not providing custody or trading-platform services). Authorised services include custody and administration, operation of a trading platform, exchange for funds, exchange for other crypto-assets, execution of orders, placing, reception and transmission, advice, portfolio management and transfer services. Processing fee EUR 3,000; additional/expansion EUR 1,500. Completeness check 25 working days; substantive review 40 working days.

Finantsinspektsioon Article 60 Notification (Eligible Financial Entities)

Notification route for credit institutions, e-money institutions, investment firms, UCITS management companies, AIFMs, central securities depositories and regulated securities market operators. Finantsinspektsioon confirms by decision the right of such an entity to act as a CASP where it satisfies MiCA Article 60 and submits complete information. Non-equivalent services still require full CASP authorisation.

MiCA Prudential Safeguards

CASP must maintain MiCA prudential safeguards at all times: at least the higher of the applicable permanent minimum capital requirement or one quarter of fixed overheads for the preceding year. May take the form of own funds, an insurance policy, a comparable guarantee or a permitted combination. Volume component of ongoing supervisory fee depends on transaction amount, client funds held or annual operating income.

ART and EMT Issuance and White Paper Compliance

CASP licence route is separate from token-offer and white-paper obligations. A credit institution offering its own ART and seeking admission to trading requires Finantsinspektsioon confirmation and white-paper approval. A credit institution or e-money institution offering its own EMT and seeking admission must comply with MiCA Article 48 and notify the white paper to Finantsinspektsioon. Offerors and persons seeking admission to trading of other crypto-assets must assess MiCA Articles 4 and 5.

AML/CFT, TFR, DORA and Enforcement Compliance

Estonian CASPs must comply with MiCA, the Estonian Market in Crypto-Assets Act, AML/CFT obligations, sanctions, Regulation 2023/1113 and DORA. Finantsinspektsioon may issue precepts, restrict transactions, restrict assets/accounts/wallets, restrict profit distributions, require management changes, revoke outsourced service rights, revoke authorisation, impose coercive fines and restrict use of client assets for up to 30 days. Natural-person fines up to EUR 700,000 or double benefit; legal persons up to EUR 5,000,000, double benefit or 5 percent of turnover.

Detailed overview

Estonia: Finantsinspektsioon MiCA Authorisation under the Krüptovaraturu seadus

Estonia is a full MiCA jurisdiction. The Estonian framework is based on Regulation 2023/1114 and the Estonian Krüptovaraturu seadus, the Market in Crypto-Assets Act.

The Estonian Financial Supervision Authority, Finantsinspektsioon, is the main regulator for crypto-asset service provider authorisation in Estonia.

The former FIU virtual-currency service provider regime is now only relevant for transition. New Estonia-facing crypto-asset service activity should be structured through MiCA authorisation, a valid Article 60 notification route, a valid MiCA passport, or another applicable regulated route.

Regulator

The main regulator is Finantsinspektsioon.

Finantsinspektsioon grants and revokes operating licences for crypto-asset market participants, receives MiCA applications and notifications, supervises authorised providers, maintains registers and exercises supervisory powers under MiCA and Estonian law.

The FIU remains relevant for legacy virtual-currency providers during transition and for AML-related matters, but it is not the current licensing authority for new MiCA CASP authorisation.

Licensing route

A crypto-asset service provider that uses Estonia as its home Member State generally needs authorisation from Finantsinspektsioon unless it is an eligible financial entity using the Article 60 route.

The relevant crypto-asset services are custody and administration of crypto-assets for clients, operation of a crypto-asset trading platform, exchange of crypto-assets for funds, exchange of crypto-assets for other crypto-assets, execution of client orders, placing of crypto-assets, reception and transmission of orders, advice on crypto-assets, portfolio management on crypto-assets and transfer services for clients.

Transfer services are a separate MiCA service and should be included in the service-mapping analysis.

The licence perimeter applies only where the asset is within MiCA. Tokens that qualify as financial instruments, deposits, fund interests, payment instruments, insurance products, non-MiCA e-money arrangements or other regulated products require separate analysis.

Entity and governance requirements

An Estonian crypto-asset market participant must have its registered office in Estonia.

A crypto-asset market participant may operate only as an Estonian private limited company or public limited company.

A crypto-asset service provider must have a management board with at least two members.

A private limited company that is a crypto-asset market participant generally requires a supervisory board of at least three members. A CASP private limited company may be exempt from that supervisory-board requirement if it does not provide custody and administration or trading-platform services.

A CASP authorised under MiCA must also have its effective management in the EU and at least one EU-resident director.

Estonia should not be treated as a mailbox jurisdiction. The applicant should be able to show a credible management, governance, control and operational structure.

Article 63 authorisation

A standard unregulated CASP applicant applies to Finantsinspektsioon for MiCA authorisation.

Applications for a crypto-asset service provider operating licence must be submitted through the Finantsinspektsioon application portal.

The application must be submitted in Estonian. English documents may be submitted if this is clearly stated in the application.

A credible application should include a full service map, legal perimeter analysis, constitutional documents, business plan, programme of operations, proof of prudential safeguards, governance materials, management fit-and-proper evidence, qualifying-holder information, internal controls, AML and counter-terrorist-financing procedures, risk assessment, business-continuity plan, ICT and security documentation, DORA materials, client-asset and client-fund segregation procedures, complaints procedures, custody policy where relevant, trading-platform rules and market-abuse systems where relevant, exchange commercial policy and pricing methodology where relevant, execution policy where relevant, advice and portfolio-management competence evidence where relevant, transfer-service procedures where relevant, and crypto-asset type analysis.

Finantsinspektsioon may request additional information where it is not satisfied that the applicant has adequate facilities, meets legal requirements, or where other applicant-related circumstances need to be verified.

Finantsinspektsioon assesses whether the application is complete within 25 working days. After the file is complete, Finantsinspektsioon assesses within 40 working days whether the applicant meets MiCA and Estonian law requirements. The review period may be paused for up to 20 working days.

Article 60 notification

Article 60 is not a general shortcut for unregulated applicants. It is a route for specified regulated financial entities.

In Estonia, the Article 60 route may be relevant for a credit institution, e-money institution, investment firm, UCITS management company, alternative investment fund manager, central securities depository or regulated securities market operator.

Finantsinspektsioon confirms by decision the right of such an entity to act as a crypto-asset service provider where it satisfies MiCA Article 60 and submits proper and complete information.

A regulated entity must still map each crypto-asset service to its existing regulated permissions and the MiCA Article 60 equivalence rules. A regulated entity that wants to provide non-equivalent services may still need full CASP authorisation.

Transitional position

Estonia’s transition ends on 1 July 2026.

Legacy virtual-currency service providers that had the right to provide virtual-currency services under the former AML framework must align their activity with the Estonian MiCA framework by 1 July 2026.

If a legacy provider submitted an operating-licence application to Finantsinspektsioon before 1 July 2026 and Finantsinspektsioon has not granted or refused authorisation by that date, the activity is not treated as unauthorised activity for the relevant Penal Code purpose. However, the provider may not enter into new client contracts from 1 July 2026 until Finantsinspektsioon grants or refuses the licence.

A legacy provider that ceases crypto-asset services from 1 July 2026 does not need to apply for Finantsinspektsioon authorisation, but it must notify clients and return client assets within a reasonable time to the wallet address or payment account specified by the client.

Finantsinspektsioon has warned that late applicants are unlikely to receive a decision before the end of the transitional period and may need to include a wind-down plan.

Legacy FIU status is not a MiCA licence and should not be marketed as MiCA authorisation.

Cross-border services

Estonia may also be served by a CASP authorised in another EU or EEA Member State using the MiCA passporting route.

A CASP that wishes to provide services in more than one Member State must submit the required cross-border information to its home-state competent authority. Finantsinspektsioon maintains a public register of cross-border crypto-asset service providers.

Before relying on a provider’s status, the relevant Finantsinspektsioon and ESMA registers should be checked.

Costs

The processing fee for applying for authorisation as a crypto-asset service provider, asset-referenced token issuer or e-money institution is EUR 3,000.

The fee for an additional licence or expansion of an existing CASP or ART issuer licence is EUR 1,500.

White-paper approval or notification fees may apply for relevant token-offer work.

Ongoing Finantsinspektsioon supervisory fees also apply. The capital component for a CASP is based on the MiCA Annex IV amount applicable to the authorisation scope. The volume component depends on the services provided and may be calculated by reference to transaction amount, client funds held or annual operating income.

The annual supervisory-fee rate is set within statutory ranges and should be checked before filing or budgeting.

The statutory processing fee is not the full cost of authorisation. Applicants should also budget for legal, governance, AML, DORA, ICT, custody, outsourcing, complaints, conflicts, translation, management, accounting, audit, insurance or own-funds and operational implementation costs.

Prudential safeguards

A CASP must maintain MiCA prudential safeguards at all times.

The required amount is at least the higher of the applicable permanent minimum capital requirement and one quarter of fixed overheads for the preceding year.

Prudential safeguards may take the form of own funds, an insurance policy, a comparable guarantee or a permitted combination.

The prudential package should be evidenced in the application and maintained after authorisation.

Ongoing obligations

An Estonian CASP must comply with MiCA, the Estonian Market in Crypto-Assets Act, applicable EU technical standards, AML and counter-terrorist-financing obligations, sanctions rules, Regulation 2023/1113 on information accompanying transfers of funds and certain crypto-asset transfers, and DORA.

Core obligations include governance, management suitability, qualifying-holder controls, prudential safeguards, internal controls, AML and counter-terrorist-financing procedures, risk management, business continuity, ICT and security controls, outsourcing oversight, complaints handling, conflicts management, custody safeguards, client-asset and client-fund segregation, recordkeeping, fair and non-misleading client information, cost and fee transparency and service-specific conduct rules.

AML, sanctions, travel-rule, ICT, custody, complaints, conflicts and DORA controls should be treated as licensing evidence, not as afterthoughts.

White papers and token issuance

The CASP licence route is separate from token-offer and white-paper obligations.

A credit institution offering its own asset-referenced token and seeking admission to trading requires Finantsinspektsioon confirmation and white-paper approval.

A credit institution or e-money institution offering its own e-money token and seeking admission to trading must comply with MiCA Article 48 and notify the white paper to Finantsinspektsioon.

Offerors and persons seeking admission to trading of other crypto-assets must assess the relevant MiCA Article 4 and Article 5 conditions.

A token issuer or offeror should not assume that CASP authorisation alone covers token-offer compliance.

Enforcement risk

Estonia is not a light-touch jurisdiction.

Finantsinspektsioon may issue precepts, restrict or prohibit transactions, restrict assets, accounts or crypto-asset wallets, restrict profit distributions, require internal rules, require management changes, remove employees, revoke outsourced service rights, require immediate disclosure, revoke authorisation and impose coercive fines.

Finantsinspektsioon may also restrict the use or disposal of client assets for up to 30 days where necessary to preserve those assets.

Breaches of MiCA CASP provisions may result in significant fines. Natural persons may be fined up to EUR 700,000 or double the benefit gained or loss avoided. Legal persons may be fined up to EUR 5,000,000, double the benefit gained or loss avoided, or up to 5 percent of turnover.

The main enforcement risks are operating after 1 July 2026 without authorisation or a valid passport, presenting FIU legacy status as a MiCA licence, entering new client contracts after the statutory transition limit while awaiting decision, relying on Article 60 without eligibility, providing services outside the authorised scope, and filing before governance, AML, ICT, DORA, custody, prudential and service-specific controls are ready.

Practical assessment

Estonia is suitable for firms that want MiCA authorisation through a digital, sophisticated EU jurisdiction and are prepared to build a real regulated financial-services structure.

It is not suitable for firms looking for a light FIU-style registration, a mailbox company, indefinite grandfathering or a simple conversion of the old virtual-currency authorisation.

The main execution risks are incorrect service classification, assuming FIU status is MiCA authorisation, missing the 1 July 2026 transition consequences, entering new client contracts after the transition limit without authorisation, underestimating Estonian governance and language requirements, treating Article 60 as a general shortcut, and filing before AML, TFR, DORA, ICT, custody, complaints, conflicts, prudential and service-specific materials are complete.

Ready to launch legally?

Book a 30-minute consultation. We'll map your licensing path and tell you exactly what's required, in plain language.

Get Started