Licentium

Licensing Hub

Italy

Full MiCA jurisdiction under Legislative Decree 129/2024. Dual-authority model: Consob authorises specialised CASPs after a Bank of Italy opinion. Transition backstop: 30 June 2026.

Available licences

Consob MiCA CASP Authorisation (after Bank of Italy opinion)

Consob authorisation under MiCA Article 63 for standard specialised CASPs, decided after hearing the Bank of Italy. Applicant must use an Italian corporate form (joint stock company, partnership limited by shares, limited liability company or cooperative company) and have registered office in an EU Member State where it carries out at least part of its services, effective management in the EU and at least one EU-resident director. Authorised services include custody and administration, operation of a trading platform, exchange for funds, exchange for other crypto-assets, execution of orders, placing, reception and transmission, advice, portfolio management and transfer services. Applications submitted by certified email. Consob materials indicate EUR 20,000 payable by CASP applicants under Consob Resolution No. 23799/2025. Completeness check 25 working days; substantive assessment generally 40 working days.

Bank of Italy MiCA Competence (Banks, EMIs, PIs, Class 1 Investment Firms)

Bank of Italy is central for prudential supervision, capital adequacy, risk containment, sound and prudent management, governance, organisation, internal controls, outsourcing, business continuity, client-asset segregation and certain regulated financial institutions. Bank of Italy authorises certain EMIs and payment institutions for non-equivalent crypto-asset services after hearing Consob. Bank of Italy receives Article 60 notifications from banks, class 1 investment firms, electronic-money institutions and asset management companies.

Article 60 Notification (Eligible Financial Entities)

Notification route for credit institutions, central securities depositories, investment firms, market operators, electronic-money institutions, UCITS management companies and AIFMs. In Italy: Bank of Italy receives notifications from banks, class 1 investment firms, EMIs and asset management companies; Consob receives notifications from CSDs, non-class-1 investment firms and regulated-market operators. Notification must be filed at least 40 working days before first providing the relevant crypto-asset services. Non-equivalent services still require full CASP authorisation.

Italian Statutory Client-Asset Segregation

Italy has a specific statutory segregation rule for CASPs. Crypto-assets and funds of individual clients held by a CASP are separate from the CASP's own assets and from the assets of other clients. Creditors of the CASP, depositary or sub-depositary cannot act against those client assets. CASPs may not use client crypto-assets or client funds for their own account. Custody, wallet, exchange, transfer and settlement models should be designed around segregation, reconciliation, sub-custody, client-money, insolvency and recordkeeping controls.

AML/CFT, TFR, DORA, PSD2 and Enforcement Compliance

Italian CASPs must comply with MiCA, Legislative Decree No. 129/2024, Consob and Bank of Italy supervisory requirements, AML/CFT obligations, sanctions, TFR, DORA and Italian conduct and prudential rules. Bank of Italy has issued guidance on the interconnection between MiCAR and PSD2. Authorised CASPs must start operations within 12 months. Unauthorised provision of crypto-asset services contrary to MiCA Article 59 can be punished by imprisonment from six months to four years and a criminal fine. CASP legal-person fines up to EUR 5 million or 5 percent of annual turnover; natural-person fines up to EUR 700,000. Market-abuse breaches up to EUR 15 million or 15 percent of annual turnover, with triple-benefit uplift available.

Detailed overview

Italy: Consob and Bank of Italy MiCA Framework under Legislative Decree No. 129/2024

Italy is a full MiCA jurisdiction. The Italian framework is based on Regulation 2023/1114 and Legislative Decree No. 129 of 2024.

Consob and the Bank of Italy are the Italian competent authorities under MiCA. Italy uses a dual-authority model. Consob is the main authorising authority for specialised crypto-asset service providers, while the Bank of Italy has key prudential, governance, risk, banking, e-money and payment-related functions.

Italy’s transition is still active but only for qualifying legacy providers. The deadline to apply for MiCA authorisation under the Italian transition has already passed. The final transition backstop is 30 June 2026.

Regulator

The main authorisation authority for a standard specialised Italian CASP is Consob, after hearing the Bank of Italy.

The Bank of Italy is central for prudential supervision, capital adequacy, risk containment, sound and prudent management, governance, organisation, internal controls, outsourcing, business continuity, client-asset segregation and certain regulated financial institutions.

The correct authority depends on the applicant type and the services proposed.

Consob receives Article 60 notifications from central securities depositories, non-class-1 investment firms and regulated-market operators. It also authorises specialised CASPs and certain non-equivalent services by non-class-1 investment firms after hearing the Bank of Italy.

The Bank of Italy receives Article 60 notifications from banks, class 1 investment firms, electronic-money institutions and asset management companies. It also authorises certain electronic-money institutions and payment institutions for non-equivalent crypto-asset services after hearing Consob.

Licensing route

A business that provides crypto-asset services in or from Italy generally needs MiCA authorisation as a crypto-asset service provider unless it is an eligible financial entity using Article 60 or a duly authorised EU CASP passporting into Italy.

The relevant crypto-asset services are custody and administration of crypto-assets for clients, operation of a crypto-asset trading platform, exchange of crypto-assets for funds, exchange of crypto-assets for other crypto-assets, execution of client orders, placing of crypto-assets, reception and transmission of orders, advice on crypto-assets, portfolio management on crypto-assets and transfer services for clients.

Transfer services are a separate MiCA service and should be included in the service-mapping analysis.

The licence perimeter applies only where the asset is within MiCA. Tokens that qualify as financial instruments, deposits, structured deposits, fund interests, payment instruments, non-MiCA e-money arrangements, insurance products or other regulated products require separate legal analysis.

Article 63 authorisation

A standard unregulated specialised Italian CASP applies to Consob for MiCA authorisation. Consob decides after hearing the Bank of Italy.

An ordinary specialised CASP applicant must use an Italian corporate form permitted by the Italian implementation decree. These include a joint stock company, partnership limited by shares, limited liability company or cooperative company.

A MiCA-authorised CASP must have a registered office in an EU Member State where it carries out at least part of its crypto-asset services, its effective management in the EU and at least one EU-resident director.

A credible Italian application should include a full service map, legal perimeter analysis, Italian home-state analysis, corporate-form analysis, programme of operations, business plan, constitutional documents, proof of prudential safeguards, governance materials, management fit-and-proper evidence, qualifying-holder information, internal controls, AML and counter-terrorist-financing procedures, sanctions controls, TFR procedures, risk assessment, business-continuity plan, ICT and DORA materials, client-asset and client-fund segregation procedures, complaints procedures, conflicts management, outsourcing framework, custody policy where relevant, trading-platform rules and market-abuse systems where relevant, exchange commercial policy and pricing methodology where relevant, execution policy where relevant, advice and portfolio-management competence evidence where relevant and transfer-service procedures where relevant.

Applications and notifications are submitted by certified email to the competent authority. Pre-application meetings may be requested, but they do not start the statutory assessment clock.

The authorities assess whether the application is complete within 25 working days. A complete application then enters the substantive assessment period, which is generally 40 working days. Additional-information requests may suspend the assessment period within the limits allowed by MiCA.

Article 60 notification

Article 60 is not a general shortcut for unregulated applicants. It is a notification route for specified regulated financial entities and permitted equivalent crypto-asset services.

The Article 60 route may be relevant for credit institutions, central securities depositories, investment firms, market operators, electronic-money institutions, UCITS management companies and alternative investment fund managers.

In Italy, the notification authority depends on the type of entity. Banks, class 1 investment firms, electronic-money institutions and asset management companies notify the Bank of Italy. Central securities depositories, non-class-1 investment firms and regulated-market operators notify Consob.

A financial entity must notify the competent authority at least 40 working days before first providing the relevant crypto-asset services.

A regulated entity must map each proposed crypto-asset service to its existing authorisation and to the MiCA Article 60 equivalence rules.

A regulated entity that wants to provide non-equivalent crypto-asset services may still need full CASP authorisation.

Transitional position

Italy’s MiCA transition is late-stage and limited.

A legal person that was duly registered in the OAM virtual-currency register by 27 December 2024 could rely on transition only if it submitted a MiCA authorisation application by 30 December 2025.

A qualifying transitional provider may continue legacy virtual-currency or digital-wallet services until authorisation is granted or refused, and in any event no later than 30 June 2026.

A same-group route is also available. A qualifying Italian registered legal person may continue without submitting its own application if it belongs to the same group as a company that submitted the relevant MiCA authorisation application in Italy or another EU Member State by 30 December 2025. This continuation also ends on authorisation or refusal and in any event no later than 30 June 2026.

A provider whose authorisation is refused must promptly close existing relationships with Italian clients and in any event within 60 days from refusal.

Legacy OAM registration is not a MiCA licence and should not be marketed as MiCA authorisation.

New Italy-facing crypto-asset service activity should be structured through MiCA authorisation, a valid Article 60 route or a valid MiCA passport.

Passporting and register checks

A MiCA-authorised CASP may provide its authorised services across the EU through the MiCA passport, subject to the required notification process and authorised service scope.

A legacy OAM registration or transitional position does not itself create a MiCA passport.

After authorisation, a CASP is entered in the ESMA register. Consob acts as the Italian single contact point for cross-border administrative cooperation with ESMA and transmits the necessary information.

Consob, Bank of Italy, OAM and ESMA register information should be checked before relying on a provider’s authorisation status, onboarding a counterparty, launching services or publishing any authorisation claim.

Costs

Italian regulatory contributions apply.

Official Consob materials indicate a EUR 20,000 amount payable by entities applying for CASP authorisation. Consob also adopted a 2026 contribution framework for crypto-asset market participants through Resolution No. 23799 of 17 December 2025, published in the Gazzetta Ufficiale on 27 January 2026.

These amounts should be checked against the current Consob contribution resolution and Bank of Italy or Consob filing instructions before filing or publication.

The regulatory contribution is not the full cost of authorisation. Applicants should also budget for legal, governance, AML, sanctions, TFR, DORA, ICT, custody, outsourcing, complaints, conflicts, audit, accounting, prudential, insurance and operational implementation costs.

Prudential safeguards

A CASP must maintain MiCA prudential safeguards at all times.

The required amount is at least the higher of the applicable permanent minimum capital requirement and one quarter of fixed overheads for the preceding year.

The MiCA class amounts are EUR 50,000 for class 1, EUR 125,000 for class 2 and EUR 150,000 for class 3.

Class 1 covers execution of orders, placing, transfer services, reception and transmission of orders, advice and portfolio management.

Class 2 includes class 1 services plus custody and administration, exchange of crypto-assets for funds and exchange of crypto-assets for other crypto-assets.

Class 3 includes class 2 services plus operation of a crypto-asset trading platform.

Where a provider offers services in more than one class, the highest applicable class applies.

Prudential safeguards may take the form of own funds, an insurance policy, a comparable guarantee or a permitted combination.

Client-asset segregation

Italy has a specific statutory segregation rule for CASPs.

Crypto-assets and funds of individual clients held by a CASP are separate from the CASP’s own assets and from the assets of other clients. Creditors of the CASP, depositary or sub-depositary cannot act against those client assets.

CASPs may not use client crypto-assets or client funds for their own account.

Custody, wallet, exchange, transfer and settlement models should therefore be designed around segregation, reconciliation, sub-custody, client-money, insolvency and recordkeeping controls from the start.

Banks, payment institutions and electronic-money institutions may be subject to sector-specific rules for client funds.

AML, TFR and DORA

Italian CASPs must prepare AML, sanctions, TFR and ICT controls before filing.

Core controls include customer due diligence, beneficial ownership analysis, AML risk assessment, sanctions screening, transaction monitoring, suspicious-activity escalation, travel-rule procedures, treatment of self-hosted addresses where relevant, outsourcing oversight, recordkeeping and staff training.

DORA and ICT readiness are also central. An Italian application should include ICT governance, security documentation, incident management, business continuity, outsourcing controls and operational-resilience evidence.

PSD2 and EMT activity

Payment-services and EMT-related activity should be analysed separately.

The Bank of Italy has issued guidance on the interconnection between MiCAR and PSD2. This is relevant where crypto-asset services are assimilable to payment services.

Wallets, EMT transfers, EMT custody, settlement models, payment-like flows and client-balance models may require payment-services analysis in addition to MiCA analysis.

A CASP licence should not be treated as automatically covering PSD2 or e-money requirements.

ARTs, EMTs and token issuance

Token issuance and CASP authorisation are separate workstreams.

MiCA distinguishes e-money tokens, asset-referenced tokens and crypto-assets other than ARTs and EMTs. Each category has different authorisation, notification and white-paper treatment.

A CASP licence does not itself cover public offers, admission to trading, ART issuance, EMT issuance or white-paper obligations.

Trading platforms, exchanges, brokers and order-routing providers should also review listed assets for non-compliant ARTs and EMTs. Italian authorities have highlighted ESMA’s position that CASPs should not enable trading or acquisition of ARTs or EMTs whose issuers are not compliant with MiCA.

Ongoing obligations

An Italian CASP must comply with MiCA, Legislative Decree No. 129/2024, Consob and Bank of Italy supervisory requirements, AML and counter-terrorist-financing obligations, sanctions controls, TFR, DORA and applicable Italian conduct and prudential rules.

Core obligations include governance, management suitability, qualifying-holder controls, prudential safeguards, internal controls, risk management, AML and counter-terrorist-financing procedures, sanctions controls, transaction monitoring, TFR implementation, business continuity, ICT and DORA controls, outsourcing oversight, complaints handling, conflicts management, custody safeguards, client-asset and client-fund segregation, recordkeeping, fair and non-misleading client information, cost and fee transparency, market-abuse systems where relevant and service-specific conduct rules.

An authorised CASP must start operations within 12 months and comply with applicable information obligations.

Enforcement risk

Italy is not a light-touch jurisdiction.

Unauthorised provision of crypto-asset services contrary to MiCA Article 59 can be punished by imprisonment from six months to four years and a criminal fine.

Administrative sanctions may also apply. For CASP-related infringements, legal-person fines may reach EUR 5 million or, if higher, up to 5 percent of annual turnover. Natural-person administrative fines may reach EUR 700,000. Where the benefit obtained exceeds the statutory maximum and can be determined, the sanction may be increased up to twice the benefit obtained.

Market-abuse-related infringements carry higher exposure, including legal-person sanctions up to EUR 15 million or 15 percent of annual turnover for certain breaches, and possible triple-benefit sanctions where the benefit can be determined.

The main enforcement risks are operating without MiCA authorisation, relying on transition without satisfying OAM registration and filing conditions, continuing after 30 June 2026 without authorisation or passport, presenting OAM registration as MiCA authorisation, using Article 60 without eligibility, providing services outside authorised scope, weak AML or TFR controls, weak DORA readiness, ignoring PSD2 or EMT overlap, failing client-asset segregation and making misleading marketing or authorisation claims.

Practical assessment

Italy is suitable for firms that want MiCA authorisation in a major EU financial market with a defined national implementation decree, active Consob and Bank of Italy supervision and a developed transition from the OAM VASP regime.

It is not suitable for firms looking for a paper registration, indefinite grandfathering, automatic conversion from OAM status or a low-substance market-entry route.

The main execution risks are incorrect service classification, missing transfer services, choosing the wrong authority, treating Article 60 as a general shortcut, relying on late-stage transition without meeting the Italian conditions, underestimating the dual Consob and Bank of Italy review, overlooking client-asset segregation, missing PSD2 or EMT issues, failing to evidence prudential safeguards and filing before AML, TFR, DORA, ICT, custody, outsourcing, complaints, conflicts and service-specific controls are ready.

Ready to launch legally?

Book a 30-minute consultation. We'll map your licensing path and tell you exactly what's required, in plain language.

Get Started