Estonia Crypto License: Updated 2026 Requirements (VASP to MiCA CASP)

The Estonian crypto licence has changed shape. In 2026 the licence a founder actually needs is a CASP authorisation under MiCA, issued by Finantsinspektsioon, the Financial Supervision Authority, not a national VASP registration from the Financial Intelligence Unit. The legacy regime is sunsetting on a hard EU deadline, and any guide that still presents the old FIU licence as the live product is out of date.

This guide is written for founders, exchange operators and existing licence holders who need the current picture: who issues the licence now, what capital and substance the regime demands, how long authorisation takes, and where the genuine Estonian advantages (and the honest caveats) lie. Throughout, figures are drawn from primary MiCA text and labelled by regime, so you never budget against an expiring number.

By Magnus Müller · Reviewed by Magnus Müller · Last updated: 2026-06-14

Estonia's Crypto Licence in 2026 at a Glance

In 2026 an Estonian crypto licence means a CASP (Crypto-Asset Service Provider) authorisation under MiCA, the EU's Markets in Crypto-Assets Regulation. It is granted by Finantsinspektsioon, carries minimum capital of EUR 50,000 to EUR 150,000 by class, and passports across the EU and EEA. The legacy VASP regime is closing.

The MiCA CASP regime has applied across the EU since 30 December 2024, and the transitional window for firms operating under earlier national law closes no later than 1 July 2026. For Estonia specifically, that means the old Financial Intelligence Unit route is winding down, and applications now go to Finantsinspektsioon. The sections below set out the capital classes, the substance rules, the CASP authorisation under MiCA mechanics, and the realistic process timeline.

Key facts table

Who this guide is for

This guide serves three readers. First, founders and fintech operators planning a new crypto business who need to know what an Estonian licence requires in 2026. Second, exchange operators deciding which EU jurisdiction to authorise in, weighing capital, substance and reach. Third, and most urgently, existing Estonian VASP holders asking the migration question: is my current licence still valid, and do I need to re-apply? The page resolves that ambiguity first, then builds out the requirements.

From VASP to CASP: What Changed in Estonia

The single most important 2026 fact is that Estonia's national VASP regime is being replaced by the EU-wide MiCA CASP authorisation. Two instruments coexisted briefly during the transition: the legacy national VASP authorisation supervised by the Financial Intelligence Unit, and the new MiCA CASP authorisation issued by Finantsinspektsioon. By the end of the transitional window, only the CASP authorisation remains live.

This is not an Estonia-only story. The same VASP-to-CASP migration arc runs across every EU Member State, which is why Estonia sits alongside peers such as Lithuania and Poland on the same timetable. What follows is the Estonian execution of that shared EU shift, framed for a reader choosing a jurisdiction.

The legacy national VASP regime (MLTFPA, FIU-supervised)

Estonia historically licensed virtual asset service providers under its national Money Laundering and Terrorist Financing Prevention Act (MLTFPA, or rahapesu ja terrorismi rahastamise tõkestamise seadus). Supervision of that AML-anchored regime sat with the Financial Intelligence Unit (FIU, Rahapesu Andmebüroo). This is the licence the old guides describe, with national capital thresholds and FIU registration. It is the regime now closing.

The MiCA CASP regime (live since 30 December 2024)

Under MiCA, Regulation (EU) 2023/1114, crypto-asset services in Estonia now require a CASP authorisation from Finantsinspektsioon, a prudential regulator rather than an AML body. MiCA's CASP rules in Title V have applied since 30 December 2024. The instrument is harmonised across the EU, which is why a CASP authorisation, unlike the old national VASP licence, comes with EU-wide reach built in.

The 1 July 2026 sunset and "no automatic conversion"

MiCA Article 143(3) lets providers that were operating in accordance with national law before 30 December 2024 continue until 1 July 2026, or until they are granted or refused a MiCA authorisation, whichever is sooner. This is a maximum 18-month transitional window, and Member States could choose a shorter period or not apply it at all. For the broader transitional and passporting mechanics, see the MiCA transitional period and passporting.

For Estonia specifically, legacy VASP authorisations are reported to cease being valid after 1 July 2026, with no automatic conversion to a CASP authorisation, meaning firms must apply afresh to Finantsinspektsioon. We flag this as reported rather than primary-confirmed: the EU-level 1 July 2026 backstop is confirmed via ESMA, but the Estonia-specific "no auto-conversion" point rests on secondary reporting and should be re-verified directly with Finantsinspektsioon before any firm relies on it for planning.

Who Regulates Crypto Licensing in Estonia Now

A common point of confusion in 2026 is which body issues the licence: the FIU or Finantsinspektsioon. The answer is Finantsinspektsioon. Authorisation under MiCA is a prudential matter, handled by the Financial Supervision Authority. The FIU's licensing role belonged to the legacy national regime that is now sunsetting. Apply to Finantsinspektsioon, not the FIU.

Finantsinspektsioon (Financial Supervision Authority) - the MiCA authority

Finantsinspektsioon is Estonia's prudential financial regulator and the competent authority for MiCA CASP authorisations. It assesses capital adequacy, governance, the fitness of management and shareholders, and operational resilience, then grants the authorisation that enters you in the EU CASP register. All new crypto-licensing applications in Estonia go here.

The FIU (Rahapesu Andmebüroo) - legacy AML role

The Financial Intelligence Unit supervised the AML-anchored national VASP regime under the MLTFPA. It was the body firms registered with under the old route. In 2026 the FIU is no longer the authorising body for new crypto licences. Treat references to FIU crypto registration as describing the closing legacy door, not the live path.

Estonia Crypto Licence Capital Requirements (MiCA Annex IV)

Capital is the first decision factor for most founders, and there are two frameworks in play, so precision matters. The governing 2026 rule is MiCA Annex IV, which sets minimum capital by service class. The old national thresholds are expiring and must not be used for budgeting. Lead with the MiCA figures.

Capital by class - Class 1, 2 and 3

MiCA Annex IV sets a permanent minimum capital floor for each of three classes, scaling with the riskiness of the services performed:

The Article 67 own-funds test

The Annex IV minimum is only a floor. Under MiCA Article 67, a CASP must hold at all times the higher of either the Annex IV permanent minimum for its class, or one quarter of the preceding year's fixed overheads. Those safeguards may consist of own funds (CET1) and/or a qualifying insurance policy. A high-overhead operator can therefore face an own-funds requirement well above the headline class minimum, a detail many country guides omit.

Legacy MLTFPA thresholds (expiring) - EUR 100,000 / 250,000

The figures you may still see quoted, EUR 100,000 for exchange and custody and EUR 250,000 for transfer and payment services, are the national MLTFPA thresholds, not the MiCA figures. They belong to the expiring regime. Do not budget against them. Lead with the Annex IV numbers (EUR 50,000 / 125,000 / 150,000) and treat the 100,000 / 250,000 figures only as legacy context.

Which Services Fall in Class 1, Class 2 and Class 3

The class you fall into is driven by the services you provide, and the capital floor follows from there. MiCA Annex IV lists the activities for each class. In short, advice and order handling sit at the lowest tier; custody and exchange push you up; operating a trading platform sits at the top. Map your business model to the right tier before you fix a budget.

Class 1 services (advice, order handling, transfer, placing, portfolio management)

Class 1 covers execution of orders on behalf of clients, placing of crypto-assets, transfer services for crypto-assets on behalf of clients, reception and transmission of orders, advice on crypto-assets, and portfolio management on crypto-assets. These are the lower-risk, non-custodial activities that define the EUR 50,000 perimeter under Annex IV.

Class 2 services (custody, exchange crypto/funds, crypto/crypto)

Class 2 adds custody and administration of crypto-assets on behalf of clients, exchange of crypto-assets for funds, and exchange of crypto-assets for other crypto-assets, on top of all Class 1 services. This is the EUR 125,000 tier that most exchanges and custodians land in, because holding client assets or running an exchange function raises the prudential bar.

Class 3 services (operation of a trading platform)

Class 3 covers all Class 2 services plus the operation of a trading platform for crypto-assets, carrying the EUR 150,000 minimum. This is the tier for firms running a venue where third-party buy and sell interests meet. If your model is a trading venue, you are in Class 3, with the full set of platform-operator obligations attached.

Substance and Local-Presence Requirements

Substance is the second core requirement and the one that most often surprises non-EU founders. MiCA is built to prevent letterbox entities, so an Estonian CASP must be a genuine local operation, not a shell. The rules below combine the current MiCA substance expectations with the legacy Estonian baseline, and several precise points are flagged for verification against primary text.

MiCA substance (registered office, effective management, resident director)

Under MiCA, a CASP must have its registered office in the Member State of authorisation, place its effective management in the EU, and have at least one director resident in the EU. The exact resident-director count and the precise "place of effective management" wording (MiCA Arts 59, 62 and 68) are flagged for legal verification against the primary regulation before any firm relies on the specifics. The legacy Estonian baseline added a registered office in Estonia, local board members and an Estonian-resident compliance officer, and genuine local activity.

Fit-and-proper and AML/CFT obligations

The management body and qualifying shareholders must meet good-repute and suitability tests, including criminal-record checks. AML and CFT, KYC, transaction-monitoring and suspicious-activity-reporting frameworks remain mandatory under both the legacy and the MiCA regimes. For the full picture of these controls, see AML and KYC obligations. A CASP cannot be authorised without a credible compliance stack staffed by people who pass the fit-and-proper bar.

DORA / ICT resilience and ongoing reporting

MiCA CASPs face ongoing prudential, governance, ICT-resilience and reporting obligations, with the ICT-resilience expectations aligned to DORA, the EU's Digital Operational Resilience Act. The exact audit-mandate wording is flagged for verification against primary sources. In practice this means documented operational-resilience controls, incident reporting and continuity arrangements, plus regular regulatory reporting once authorised. Many country guides skip DORA entirely; it is a real and ongoing burden.

Does e-Residency Help You Get an Estonian Crypto Licence?

This is one of the most persistent misconceptions among non-resident founders, so it deserves a direct answer. e-Residency is genuinely useful for incorporating and administering an Estonian company remotely, but it does not satisfy the licensing substance requirements on its own. You can form the company digitally; you still need a real local operation to be authorised.

What e-Residency does (remote OÜ incorporation and management)

Estonia's e-Residency programme lets non-resident founders incorporate and manage an Estonian OÜ (private limited company) remotely, signing and filing documents digitally. It removes much of the friction of company administration and is a real advantage of Estonia's digital-first model. For setting up the legal vehicle, e-Residency is a strong tool.

The substance caveat (why e-Residency is not enough)

e-Residency alone does not meet the licensing substance bar. A CASP still needs a real Estonian office, genuine local management, place of effective management in the EU and a resident compliance officer. Regulators look through digital incorporation to the actual operating reality. Treat e-Residency as a setup convenience, not a shortcut around substance, and budget for a genuine local footprint.

How to Apply: Process and Timeline (MiCA Article 63)

The application path leads to Finantsinspektsioon, and the statutory clock runs on MiCA Article 63. The high-level country-guide flow is below; the deep filing mechanics live on a dedicated page. Note that we anchor duration to the statutory day-counts rather than quoting a single "3 to 6 months" figure, because that figure is legacy and unverified for the MiCA regime.

Step-by-step

The route from idea to authorisation runs through a clear sequence:

1. Incorporate an Estonian OÜ with a registered office and genuine local substance.
2. Build the compliance stack: AML and CFT, KYC, risk management, governance, ICT and DORA resilience, plus a business plan and financial forecasts.
3. Appoint local management and a compliance officer, and evidence good repute and clean criminal records.
4. Apply to Finantsinspektsioon for a MiCA CASP authorisation, with the application package governed by the EBA RTS (Commission Delegated Regulation (EU) 2025/305).
5. Pass assessment under MiCA Article 63 and, on grant, enter the ESMA CASP register with EU and EEA passporting.

For the full filing detail, follow the detailed Estonia VASP-to-CASP process, which covers the package contents and FIU-to-Finantsinspektsioon migration mechanics step by step.

Statutory timeframes under Article 63 (5 / 25 / 40 working days)

MiCA Article 63 sets the only defensible duration figures. The competent authority acknowledges receipt within 5 working days, checks completeness within 25 working days of receipt, and assesses compliance and adopts the authorisation decision within 40 working days of a complete application. The clock may be suspended while the authority awaits requested information, for a period not exceeding 20 working days.

How long it really takes (why "3-6 months" is not a fact)

The honest answer is that real-world duration varies with application completeness and the volume of regulator queries. The statutory Article 63 day-counts are the floor, but they only start running on a complete application, and a single information request can pause the clock for up to 20 working days. We deliberately avoid asserting a fixed "3 to 6 months" or "120 business days" timeline, because those numbers are legacy or unverified for MiCA. Plan against completeness, not a calendar promise.

From our practice: the single biggest driver of timeline overrun we see is an incomplete application, not regulator slowness. Firms that arrive with a tested compliance stack, named and fit-and-proper management, and clear financial forecasts move through the Article 63 stages with far fewer information-request pauses. Front-loading substance and documentation is where the real time savings are.

How Much Does an Estonian Crypto Licence Cost?

Cost is a frequent question, and an honest guide answers it without inventing a fee schedule. We can give you the confirmed budgeting anchors and be clear about what is not yet verified. The capital floors are the dependable starting point; the state fee schedule under the MiCA regime is not something we will assert without a primary source.

What you can budget for (capital, setup, compliance, ongoing)

Budget against the confirmed capital floors of EUR 50,000, EUR 125,000 or EUR 150,000 by class, plus the Article 67 own-funds test, which can lift the requirement above the class minimum for higher-overhead firms. Beyond capital, plan for company setup, the build-out of the compliance stack, local office and staffing for genuine substance, and ongoing prudential, governance and ICT-resilience costs once authorised. We do not publish a price list; these are the cost categories to model.

What we cannot confirm yet (state application + supervisory fees)

We have not been able to confirm a Finantsinspektsioon application-fee or supervisory-fee schedule under the MiCA regime. The figures you may see quoted, a EUR 10,000 application fee and a levy of 2 percent of transaction volume, are legacy FIU-era numbers that should not be carried forward into a 2026 budget. Treat the state fee schedule as unconfirmed pending a primary Finantsinspektsioon source.

Why Choose Estonia for a Crypto Licence

For a founder choosing where to authorise, Estonia's value proposition rests on genuine strengths, framed honestly. The strongest advantage is EU-wide reach from one authorisation; the digital-first administration and early-mover track record are real differentiators; and we deliberately hold back on tax claims that are not verified for 2026.

EU-wide reach through one MiCA authorisation

The headline advantage is passporting. A MiCA CASP authorisation obtained in Estonia is valid across the EU and EEA and can be passported to other Member States, giving you the whole single market from one licence. Unlike the old national VASP regime, which was Estonia-bound, the CASP authorisation is built for cross-border crypto activity.

Digital-first administration and early-mover track record

Estonia's e-Residency and e-government infrastructure make company administration genuinely digital-first, which lowers the friction of running the entity. Estonia was also among the first EU states to license crypto activity, giving its regulator and market deep familiarity with the sector. That early-mover track record is a soft but real differentiator when you are choosing among otherwise similar MiCA jurisdictions.

Tax considerations (verify before relying on any figure)

We deliberately do not state an Estonian corporate-tax rate as fact here. The figures sometimes quoted, 0 percent on undistributed profits and a distributed-profit rate, are legacy archive claims that are unverified for 2026, and Estonia's distributed-profit rate has changed over time. Verify the current rate against a primary Estonian tax source before relying on any number for planning. Tax should inform, not dominate, a licensing decision.

Estonia vs Other EU MiCA Jurisdictions

Because MiCA is harmonised, the capital and process baselines are largely the same across EU Member States. What differs is local execution: substance expectations in practice, regulator responsiveness, administrative friction and soft differentiators like e-Residency. So a jurisdiction choice comes down to fit, not headline numbers. To weigh the options side by side, compare crypto-license jurisdictions on the pillar guide.

Quick comparison with Lithuania and Poland

The MiCA baseline is shared, so read the local detail closely. See Lithuania's MiCA CASP guide and Poland crypto licensing for the country-specific execution that actually separates these options.