Detailed overview
Sweden: Finansinspektionen MiCA Authorisation
Sweden is a full MiCA jurisdiction. The Swedish framework is based on Regulation 2023/1114 and Swedish supplementary legislation for markets in crypto-assets.
Finansinspektionen is the Swedish competent authority under MiCA. FI is the main regulator for crypto-asset service provider authorisation, Article 60 notifications, supervision, fees, enforcement and register information.
Sweden's legacy transition is closed to late entrants. A qualifying pre-MiCA provider that submitted an authorisation application before 1 October 2025 may continue while the application is finally assessed. New or continuing Sweden-facing crypto-asset service activity should otherwise be structured through MiCA authorisation, a valid Article 60 route or a valid MiCA passport.
Regulator
The main regulator is Finansinspektionen.
FI receives CASP authorisation applications, receives Article 60 notifications from eligible financial entities, supervises authorised providers, maintains register information and exercises MiCA supervisory powers.
FI also supervises compliance with Regulation 2023/1113 on information accompanying transfers of funds and certain crypto-assets.
Other Swedish and EU regimes may still apply where the activity involves banking, payment services, e-money, e-money tokens, asset-referenced tokens, financial instruments, deposits, funds, insurance products, AML, sanctions, TFR, DORA or tax reporting.
Licensing route
A business that provides crypto-asset services in or from Sweden generally needs MiCA authorisation as a crypto-asset service provider unless it is an eligible financial entity using Article 60 or a duly authorised EU CASP passporting into Sweden.
The relevant crypto-asset services are custody and administration of crypto-assets for clients, operation of a crypto-asset trading platform, exchange of crypto-assets for funds, exchange of crypto-assets for other crypto-assets, execution of client orders, placing of crypto-assets, reception and transmission of orders, advice on crypto-assets, portfolio management on crypto-assets and transfer services for clients.
Transfer services are a separate MiCA service and should be included in the service-mapping analysis.
The licence perimeter applies only where the asset is within MiCA. Tokens that qualify as financial instruments, deposits, structured deposits, fund interests, payment instruments, non-MiCA e-money arrangements, insurance products or other regulated products require separate legal analysis.
Article 63 authorisation
A standard unregulated Swedish CASP applicant applies to FI for MiCA authorisation.
A MiCA-authorised CASP must have a registered office in an EU Member State where it carries out at least part of its crypto-asset services, its effective management in the EU and at least one EU-resident director.
The application is submitted by email to FI.
A credible Swedish application should include a full service map, legal perimeter analysis, Sweden home-state analysis, programme of operations, business plan, constitutional documents, proof of prudential safeguards, governance materials, management fit-and-proper evidence, qualifying-holder information, internal controls, AML and counter-terrorist-financing procedures, sanctions controls, TFR procedures, self-hosted-address controls, risk assessment, business-continuity plan, ICT and DORA materials, client-asset and client-fund segregation procedures, complaints procedures, conflicts management, outsourcing framework, custody policy where relevant, trading-platform rules and market-abuse systems where relevant, exchange commercial policy and pricing methodology where relevant, execution policy where relevant, advice and portfolio-management competence evidence where relevant and transfer-service procedures where relevant.
FI decides within 40 working days from the date when the application is complete. The processing time can be extended by 20 working days if the application needs to be supplemented.
Article 60 notification
Article 60 is not a general shortcut for unregulated applicants. It is a notification route for specified regulated financial entities and permitted equivalent crypto-asset services.
The Article 60 route may be relevant for credit institutions, central securities depositories, investment firms, market operators, electronic-money institutions, UCITS management companies and alternative investment fund managers.
An Article 60 notification is submitted to FI.
FI assesses a complete notification within 20 working days. The processing time can be extended by a maximum of 20 working days if the notification needs to be supplemented.
A regulated entity must map each proposed crypto-asset service to its existing authorisation and to the MiCA Article 60 equivalence rules.
A regulated entity that wants to provide non-equivalent crypto-asset services may still need full CASP authorisation.
Transitional position
Sweden's general MiCA transition ended on 30 September 2025.
A firm that provided crypto-asset services before 30 December 2024 and needed MiCA Article 63 authorisation could continue until 30 September 2025.
If that firm submitted an authorisation application before 1 October 2025, it may continue the activity until the application is finally assessed.
A provider that did not submit a timely application cannot rely on transition.
Legacy registration or pending application status is not MiCA authorisation and should not be marketed as such.
A new Sweden-facing provider should use MiCA authorisation, a valid Article 60 route or a valid MiCA passport.
Passporting and register checks
A MiCA-authorised CASP may provide its authorised services across the EU through the MiCA passport, subject to the required notification process and authorised service scope.
A CASP authorised in another EU Member State may provide crypto-asset services in Sweden through the MiCA passport.
A Swedish legacy registration or pending application does not itself create a MiCA passport.
FI's company register contains information on companies and persons authorised to offer financial services. FI and ESMA register information should be checked before relying on a provider's authorisation status, onboarding a counterparty, launching services or publishing any authorisation claim.
Costs
FI application fees apply.
The current FI fee range for a CASP authorisation application is SEK 135,000 to SEK 690,000.
The current fee range for extension of CASP authorisation is SEK 52,500 to SEK 525,000.
The current fee for an Article 60 notification is SEK 25,500.
The current fee for a cross-border service notification is SEK 18,000.
The current fee for a qualifying-holding approval in a CASP is SEK 33,000.
FI registers the application or notification and then sends an administrator letter with the reference number, fee and payment information. The fee should not be paid before that letter is received.
FI also charges an annual supervisory fee based on balance-sheet total. The minimum annual supervisory fee for a CASP is SEK 150,000.
These fees are not the full cost of authorisation. Applicants should also budget for legal, governance, AML, sanctions, TFR, self-hosted-address controls, DORA, ICT, custody, outsourcing, complaints, conflicts, audit, accounting, prudential, insurance, tax reporting and operational implementation costs.
The fee framework should be checked before filing because Swedish fee rules may be amended.
Prudential safeguards
A CASP must maintain MiCA prudential safeguards at all times.
The required amount is at least the higher of the applicable permanent minimum capital requirement and one quarter of fixed overheads for the preceding year.
The MiCA class amounts are EUR 50,000 for class 1, EUR 125,000 for class 2 and EUR 150,000 for class 3.
Class 1 covers execution of orders, placing, transfer services, reception and transmission of orders, advice and portfolio management.
Class 2 includes class 1 services plus custody and administration, exchange of crypto-assets for funds and exchange of crypto-assets for other crypto-assets.
Class 3 includes class 2 services plus operation of a crypto-asset trading platform.
Where a provider offers services in more than one class, the highest applicable class applies.
Prudential safeguards may take the form of own funds, an insurance policy, a comparable guarantee or a permitted combination.
AML, TFR and self-hosted addresses
Swedish CASPs are subject to the Swedish AML framework.
CASPs must prepare AML, sanctions, TFR and self-hosted-address controls before filing.
Core controls include customer due diligence, beneficial ownership analysis, AML and terrorist-financing risk assessment, sanctions screening, transaction monitoring, suspicious-activity escalation, travel-rule procedures, treatment of self-hosted addresses, correspondent-CASP controls, outsourcing oversight, recordkeeping and staff training.
For transfers to or from a self-hosted address, a CASP must identify the customer's counterparty, verify the counterparty's identity, investigate beneficial ownership, obtain additional information on the origin and destination of the crypto-assets, monitor relevant transactions and take other measures to manage AML and terrorist-financing risk.
For correspondent relationships involving CASPs, the CASP must investigate whether the counterparty has authorisation or registration to conduct its business. Decisions to terminate correspondent relationships must be documented.
Depending on size and nature, a Swedish CASP may need to appoint a senior responsible person, a central function holder and an independent audit function for AML compliance.
EMT and PSD2 activity
EMT-related activity should be analysed separately.
FI has stated that it intends to follow the EBA opinion on how MiCA and PSD2 apply when CASPs handle e-money tokens.
The EBA position distinguishes scenarios where activity may continue while a PSD2 authorisation is pending from scenarios where services must cease and clients must be wound down.
A Sweden-facing CASP with EMT transfers, EMT custody, wallets, settlement models, payment-like flows or client-balance functionality should assess PSD2, e-money and payment-service-provider partnership requirements before launch.
A MiCA CASP authorisation alone may not be enough where the EMT activity is also a payment service.
Marketing, disclosures and white papers
Sweden treats MiCA customer information, certain public information and white-paper information as material under the Swedish Marketing Act.
A CASP should ensure that website disclosures, risk warnings, fee disclosures, custody disclosures, white-paper statements, marketing material and claims about FI authorisation are accurate and not misleading.
CASP authorisation and token-offer compliance are separate.
A CASP licence should not be treated as covering public offers, admission to trading, ART issuance, EMT issuance or white-paper obligations.
Stablecoin, wallet, exchange, settlement and payment-like structures should be reviewed separately for EMT, ART, e-money and payment-services implications.
Tax reporting
Swedish crypto-asset tax reporting rules apply from 2026.
Reporting crypto-asset service providers must collect information on crypto-asset users and controlling persons and comply with Swedish reporting and due-diligence obligations.
The Swedish tax-reporting regime applies first to reporting periods beginning after 31 December 2025.
A Swedish CASP or other reporting crypto-asset operator should build tax-residence, user-identification, controlling-person and transaction-reporting processes into onboarding and platform operations.
Ongoing obligations
A Swedish CASP must comply with MiCA, Swedish supplementary MiCA law, Regulation 2023/1113, Swedish AML law, FI supervisory requirements, sanctions controls, DORA and applicable tax-reporting rules.
Core obligations include governance, management suitability, qualifying-holder controls, prudential safeguards, internal controls, risk management, AML and counter-terrorist-financing procedures, sanctions controls, transaction monitoring, TFR implementation, self-hosted-address controls, business continuity, ICT and DORA controls, outsourcing oversight, complaints handling, conflicts management, custody safeguards, client-asset and client-fund segregation, recordkeeping, fair and non-misleading client information, cost and fee transparency, market-abuse systems where relevant and service-specific conduct rules.
A CASP should also maintain processes for reporting to FI, communicating material changes and responding to supervisory information requests.
Enforcement risk
Sweden is not a light-touch jurisdiction.
FI must intervene against breaches of MiCA, Regulation 2023/1113, Swedish MiCA law, other applicable law, constitutional documents and internal rules grounded in applicable law.
FI must also intervene against unauthorised or unregistered activity covered by MiCA.
FI interventions may include orders to take action or cease conduct, remarks, warnings, revocation of authorisation or deregistration. Where authorisation is revoked, FI may decide how the business is wound down and may order transfer of customer contracts to an authorised CASP with the required consents.
FI may impose sanctions on legal persons and responsible natural persons. Management-function bans may apply where a serious breach is caused intentionally or by gross negligence by a board member, managing director or deputy.
For CASP-related MiCA breaches, legal-person sanctions may reach the highest of the SEK equivalent of EUR 5,000,000, 5 percent of annual turnover or twice the profit made from the breach.
For natural persons, sanctions for relevant CASP-related breaches may reach the SEK equivalent of EUR 700,000 or twice the profit made from the breach.
FI may also prohibit offers or trading where there is reasonable cause to assume that MiCA will be breached, and may temporarily prohibit actions that breach MiCA, are suspected to breach MiCA or harm customer interests.
The main enforcement risks are operating without MiCA authorisation, relying on transition without a timely application, presenting legacy or pending status as MiCA authorisation, using Article 60 without eligibility, providing services outside authorised scope, weak AML or TFR controls, weak self-hosted-address controls, weak DORA readiness, EMT and PSD2 overlap failures, misleading marketing or white-paper claims and inadequate customer disclosures.
Practical assessment
Sweden is suitable for firms that want MiCA authorisation through a single national competent authority with a mature financial-services supervisor and clear application mechanics.
It is not suitable for firms looking for a paper registration, continued reliance on pre-MiCA registration, indefinite grandfathering or informal reliance on pending status.
The main execution risks are incorrect service classification, missing transfer services, treating Article 60 as a general shortcut, relying on transition without a timely application, underestimating FI documentation expectations, failing to evidence prudential safeguards, weak AML or TFR controls, insufficient self-hosted-address controls, weak DORA or ICT evidence, EMT and PSD2 issues, tax-reporting readiness failures and filing before custody, outsourcing, complaints, conflicts and service-specific controls are ready.