VASP Registration in Estonia: Updated 2026 Guide (Now CASP Under MiCA)
Estonia's legacy VASP licences end 1 July 2026, replaced by MiCA CASP authorisation from Finantsinspektsioon with no auto-conversion. See capital, substance, how to apply.
VASP registration in Estonia no longer works the way it did. A legacy Estonian VASP authorisation is a national licence granted under the Money Laundering and Terrorist Financing Prevention Act and supervised by the Financial Intelligence Unit. From 1 July 2026 that authorisation stops being valid: the crypto-asset service it covered now requires a MiCA CASP authorisation from Finantsinspektsioon.
If you searched for an Estonian VASP licence, you are really searching for what replaces it. This guide explains the sunset, the successor CASP regime under the EU Markets in Crypto-Assets Regulation, the capital classes, the substance and compliance rules, and the migration path from a closing legacy licence to a passportable EU authorisation. We separate the two regimes carefully, because blending them is where most outdated guidance goes wrong.
Is an Estonian VASP licence still valid in 2026?
A legacy Estonian VASP authorisation is valid only until 1 July 2026. From that date it ceases to be valid, and crypto-asset services in or from Estonia require either a Finantsinspektsioon MiCA CASP authorisation or an equivalent EU CASP authorisation passported into Estonia. There is no automatic conversion of the old licence.
This is the answer that matters most for any founder or compliance officer auditing an Estonian structure in 2026. The window comes from MiCA itself, then was confirmed for Estonia by the national regulator.
The short answer: legacy VASP cover ends 1 July 2026
MiCA's CASP rules in Title V applied from 30 December 2024, and Article 143(3) gave providers who lawfully operated under national law before that date a transitional, grandfathering window. The maximum transitional period is 18 months, running to 1 July 2026, or until the firm's MiCA authorisation is granted or refused, whichever comes first (MiCA Art. 143(3)). Member States were allowed to shorten that window or not apply it at all, and Estonia took the full backstop date as a hard cut-off.
What you must hold instead from 1 July 2026
On 23 March 2026 Finantsinspektsioon confirmed that the transition ends in summer 2026, and that after 1 July 2026 only firms holding a Finantsinspektsioon MiCA authorisation, or an equivalent EU CASP authorisation obtained elsewhere and passported in, may lawfully provide crypto-asset services in or from Estonia (Finantsinspektsioon statement). A legacy VASP holder must apply afresh. Nothing migrates by default.
What replaced the VASP licence: CASP authorisation under MiCA
The successor to the Estonian VASP licence is the Crypto-Asset Service Provider authorisation under MiCA, Regulation (EU) 2023/1114. It is an EU-harmonised, prudential authorisation rather than a national, AML-only registration, and its operating rules have applied across the Union since 30 December 2024 (MiCA Title V).
The shift is not cosmetic. A national VASP licence was bounded by Estonian law and Estonian supervision. A CASP authorisation is recognised across the EU and EEA, comes with capital, governance, and prudential obligations defined at EU level, and is the only forward-looking route for a crypto business in Estonia.
Why MiCA superseded the national MLTFPA regime
Before MiCA, Estonia authorised virtual asset service providers under the national Money Laundering and Terrorist Financing Prevention Act (MLTFPA), with the Financial Intelligence Unit acting as the AML supervisor. That framework treated crypto licensing primarily as an anti-money-laundering matter. MiCA replaces this patchwork of national regimes with a single, prudential authorisation standard so that one set of rules governs CASPs everywhere in the EU, closing the regulatory arbitrage that the older national licences created.
What a CASP authorisation lets you do (service scope)
A MiCA CASP authorisation can cover custody and administration of crypto-assets, exchange of crypto-assets for funds, exchange of crypto-assets for other crypto-assets, operation of a trading platform, execution of orders, placing of crypto-assets, transfer services, reception and transmission of orders, advice on crypto-assets, and portfolio management on crypto-assets (MiCA Annex IV). Which of these you can offer determines your capital class, covered in the capital section below.
Who regulates crypto in Estonia now: Finantsinspektsioon vs the FIU
The single most common confusion in outdated Estonian guidance is the regulator. Authorisation today is granted by Finantsinspektsioon under MiCA. The Financial Intelligence Unit historically handled AML supervision under the MLTFPA, but the licensing authority is now the Financial Supervision Authority, not the FIU (Finantsinspektsioon). Some older pages even named an ambiguous "Estonian Financial Supervision Authority (FSA)" and quoted a "120 business days" review figure; the correct authority is Finantsinspektsioon, and the legacy day-count should not be relied on for the MiCA process.
Finantsinspektsioon: the live licensing authority
Finantsinspektsioon is Estonia's prudential financial regulator. Under MiCA it is the competent authority that receives, assesses, and decides CASP authorisation applications, and it supervises authorised CASPs on an ongoing prudential basis (MiCA Title V). A 2026 application goes to Finantsinspektsioon, governed by the EU rules, not to the FIU under the national act.
The FIU/MLTFPA legacy AML role (now closing)
The FIU (Rahapesu Andmebüroo) supervised legacy VASPs for AML and counter-terrorist-financing compliance under the MLTFPA. That was the licensing and oversight door for the national VASP regime (MLTFPA / FIU). With the legacy authorisations ceasing on 1 July 2026, that route is closing, and the AML obligations now sit inside the broader MiCA prudential framework supervised by Finantsinspektsioon.
How much capital do you need for an Estonian CASP? (MiCA Annex IV)
Capital for an Estonian CASP is set by MiCA Annex IV, which fixes a permanent minimum by service class, and by Article 67, which adds an ongoing own-funds test. The minimum is EUR 50,000 for Class 1, EUR 125,000 for Class 2, and EUR 150,000 for Class 3 (MiCA Annex IV). These are the figures that govern a 2026 application; the old MLTFPA numbers are expiring.
Capital by CASP class (Class 1 / 2 / 3)
| CASP class | Permanent minimum capital | Indicative service scope |
|---|---|---|
| Class 1 | EUR 50,000 | Execution of orders; placing; transfer services; reception and transmission of orders; advice; portfolio management |
| Class 2 | EUR 125,000 | All Class 1 services plus custody and administration; exchange crypto-for-funds; exchange crypto-for-crypto |
| Class 3 | EUR 150,000 | All Class 2 services plus operation of a trading platform |
The class is driven by the broadest service you intend to provide, so a firm running an exchange or a trading platform lands in the higher classes (MiCA Annex IV).
The Article 67 own-funds and fixed-overheads test
The permanent minimum is a floor, not the whole requirement. Under Article 67 a CASP must hold own funds at all times equal to the higher of (a) the Annex IV permanent minimum capital for its class, or (b) one quarter of the preceding year's fixed overheads, reviewed annually. Eligible safeguards are own funds in the form of Common Equity Tier 1 capital under Regulation (EU) 575/2013 and/or a qualifying insurance policy (MiCA Art. 67). A larger operation may therefore need to hold more than the headline class minimum.
Legacy MLTFPA figures (EUR 100,000 / 250,000) are expiring
Older Estonian guidance cites EUR 100,000 of share capital for standard virtual-currency services and EUR 250,000 for transfer services. These are legacy national MLTFPA thresholds, not MiCA figures (legacy MLTFPA thresholds). They are expiring with the regime that created them and should never be presented as the requirement for a new 2026 authorisation. For any forward-looking plan, the MiCA Annex IV figures of EUR 50,000 / 125,000 / 150,000 are the governing numbers.
Substance, fit-and-proper and compliance requirements
A CASP authorisation is not a paper exercise. Finantsinspektsioon expects genuine local substance, a clean and competent management body, a full AML and KYC stack, and operational resilience. These requirements draw on MiCA and, on the AML side, on the obligations carried over from the legacy framework (MiCA Title V).
Local substance and EU effective management
MiCA requires effective management from within the EU, meaning a place of effective management in a Member State and at least one director resident in the EU, together with a registered office in the Member State of authorisation. The legacy Estonian regime had already required local management, an Estonian registered office, and an Estonian-resident AML officer as a reaction to past letterbox abuse (substance requirements). The exact MiCA substance wording, including the precise resident-director count, should be confirmed against the primary text before you fix your structure.
AML/CFT, KYC and ongoing monitoring
A CASP must operate mandatory AML/CFT, KYC, transaction-monitoring, and suspicious-activity-reporting frameworks. The management body and qualifying shareholders must pass good-repute and suitability, the fit-and-proper tests, including criminal-record checks (fit-and-proper and AML). These controls are assessed at authorisation and supervised on an ongoing basis, so they need to be real and operational, not just documented.
DORA, ICT resilience and audited accounts
A CASP must align its ICT systems with the Digital Operational Resilience Act (DORA), maintaining operational and cyber resilience. Annual audited financial statements were required under the legacy Estonian regime, and MiCA CASPs face ongoing prudential and reporting obligations (reporting and ICT). The exact MiCA CASP audit mandate should be confirmed against Finantsinspektsioon's primary guidance once it is accessible.
How to apply: from OÜ incorporation to Finantsinspektsioon authorisation
The application path runs from incorporating an Estonian company through building a compliant operation to filing with Finantsinspektsioon under the EBA technical standards. The package is governed by Commission Delegated Regulation (EU) 2025/305, the EBA regulatory technical standards on CASP authorisation (EBA RTS (EU) 2025/305). Below is the route in six steps.
Step 1-2: Incorporate the OÜ and build the compliance stack
First, incorporate an Estonian entity, typically an OÜ (private limited company), with a registered office and genuine local substance. Then build the compliance stack: AML/CFT policies, KYC procedures, risk management, governance arrangements, DORA-aligned ICT resilience, and a business plan with financial forecasts (process). This stage determines whether the later assessment goes smoothly.
Step 3-4: Appoint management and file with Finantsinspektsioon
Next, appoint local management and a compliance officer who can evidence good repute and a clean criminal record. Then file the MiCA CASP authorisation application with Finantsinspektsioon, not the FIU, structured to the EBA RTS in Regulation (EU) 2025/305 (EBA RTS (EU) 2025/305). Filing to the wrong authority or to the legacy route wastes the limited window before the 1 July 2026 backstop.
Step 5-6: Completeness, substance assessment, ESMA register and passporting
Finantsinspektsioon first checks the application for completeness, then assesses substance against the MiCA standards. Once authorised, the CASP is entered in the ESMA register of CASPs, and the authorisation can be passported across the EU and EEA (MiCA Title V). The exact statutory day-counts for completeness and substantive assessment under Article 63 should be read from the primary MiCA text rather than assumed.
Have questions about your specific situation? Book a free 15-minute discovery call with our licensed advisers, no commitment. Book a Call
How long does authorisation take, and what is the deadline?
There is one fixed date and one variable. The fixed date is the 1 July 2026 backstop after which legacy VASP cover ends. The variable is how long Finantsinspektsioon takes to grant a CASP authorisation, which depends on the completeness of your application and the volume of regulator queries, not on a single advertised figure (MiCA Title V).
The hard backstop: 1 July 2026
After 1 July 2026, legacy Estonian VASP authorisations cease to be valid, and only a Finantsinspektsioon MiCA authorisation or an equivalent passported EU CASP authorisation permits lawful crypto-asset services in or from Estonia (MiCA Art. 143(3)). This date is immovable for planning purposes and should anchor every timeline.
Why a single timeframe figure is misleading
You will see "6 to 8 months" quoted in older guidance, and Article 63 sets statutory time limits. Both are easy to misread. Real elapsed time is driven by application completeness and the back-and-forth of regulator queries, so a single headline figure can mislead more than it helps (MiCA Title V). Plan around the 1 July 2026 backstop and the quality of your submission, and confirm exact day-counts against the primary text.
Migrating from a legacy VASP licence to a CASP authorisation
If you already hold a legacy Estonian VASP licence, the central fact is that it does not roll over. There is no automatic conversion: an existing VASP holder must submit a fresh CASP application to Finantsinspektsioon, and the legacy authorisation expires on 1 July 2026 regardless of where that application stands (no auto-conversion). The transitional window ran from the 30 December 2024 MiCA start to the 1 July 2026 cut-off (MiCA Art. 143(3)).
No automatic conversion: what an existing VASP holder must do
A legacy holder should treat migration as a fresh authorisation project: re-paper the compliance stack to MiCA standards, confirm capital against Annex IV and Article 67, evidence EU effective management, and file with Finantsinspektsioon under the EBA RTS (no auto-conversion). The earlier you file, the more of the assessment can complete before the legacy authorisation lapses.
Equivalent EU authorisation and passporting as an alternative route
Estonia is not the only path to operating there. A CASP authorisation granted by another EU or EEA competent authority can be passported into Estonia, and that is an equally lawful basis for serving Estonian clients after the sunset (passporting). For groups already authorised elsewhere in the EU, passporting may be faster than a fresh Estonian application.
A note on fees and outdated cost figures
Outdated Estonian guidance often quotes a "EUR 10,000 application fee" and a "2% of annual transaction volume" supervision levy. These are legacy MLTFPA and FIU-era figures and are not verified for the MiCA and Finantsinspektsioon regime, so they should not be relied on as current costs (legacy fee context).
Why the old "EUR 10,000 fee" and "2% levy" should not be relied on
Because the legacy regime is being retired, its fee schedule cannot safely be carried into the MiCA process. We do not state a current MiCA application fee or supervision charge for Estonia without a primary Finantsinspektsioon fee schedule, and neither should any 2026 plan. Treat the old figures as expiring and unverified, and confirm current costs against the regulator's published schedule before budgeting.
Work with a Crypto Valley advisory team on your Estonian CASP application
By Magnus Müller · Reviewed by Magnus Müller · Last updated: 2026-06-14
Frequently asked questions
Is the old Estonian VASP licence still valid in 2026?
Legacy Estonian VASP authorisations cease to be valid after 1 July 2026. From that date you must hold a Finantsinspektsioon MiCA CASP authorisation, or an equivalent EU CASP authorisation passported into Estonia, to lawfully provide crypto-asset services in or from the country.
What replaced the VASP licence in Estonia?
The CASP authorisation under MiCA, Regulation (EU) 2023/1114, issued by Finantsinspektsioon, replaces the national VASP licence. It is an EU-harmonised, prudential authorisation rather than a national AML-only registration, and its operating rules have applied across the Union since 30 December 2024.
Who regulates crypto in Estonia now, the FIU or Finantsinspektsioon?
Authorisation is now granted by Finantsinspektsioon under MiCA. AML supervision was historically handled by the Financial Intelligence Unit (Rahapesu Andmebüroo) under the national MLTFPA, but the licensing authority for a 2026 crypto application is the Financial Supervision Authority, not the FIU.
How much capital do I need for a CASP in Estonia?
MiCA Annex IV sets EUR 50,000, 125,000 or 150,000 depending on the CASP class, plus the Article 67 own-funds test. Under that test you must hold the higher of the Annex IV minimum for your class or one quarter of the preceding year's fixed overheads, reviewed annually.
Which services fall in Class 1, Class 2 and Class 3?
Class 1 covers execution, placing, transfer, reception and transmission of orders, advice and portfolio management. Class 2 adds custody and administration plus the two exchange services. Class 3 adds operating a trading platform. The broadest service you offer sets your class and minimum capital.
Does my old VASP licence convert automatically to a CASP authorisation?
No. There is no automatic conversion. An existing VASP holder must submit a fresh CASP application to Finantsinspektsioon, and the legacy authorisation expires on 1 July 2026 regardless of how far that new application has progressed by then.
Can a non-EU founder still get an Estonian crypto authorisation?
Yes, but the company must be Estonian-incorporated with EU and local substance and effective management, including a registered office in Estonia and EU-based management. MiCA requires a place of effective management in a Member State and at least one EU-resident director.
Can an Estonian CASP authorisation be used across the EU?
Yes. A MiCA CASP authorisation can be passported across the EU and EEA, so one Estonian authorisation lets you serve clients in other Member States. Equally, a CASP authorisation granted in another EU state can be passported into Estonia after the legacy sunset.
What was the difference between the old EUR 100,000 / 250,000 capital and the new figures?
The EUR 100,000 and 250,000 figures were legacy MLTFPA national thresholds, EUR 100,000 for standard virtual-currency services and EUR 250,000 for transfer services, and they are expiring. The governing MiCA Annex IV figures are now EUR 50,000, 125,000 and 150,000 by class.
What is the deadline to be MiCA-compliant in Estonia?
1 July 2026 is the hard backstop ending the transitional period. After it, only a Finantsinspektsioon MiCA CASP authorisation, or an equivalent passported EU authorisation, is lawful for crypto-asset services in or from Estonia. Legacy VASP authorisations cease to be valid on that date.
What services are covered by a MiCA CASP authorisation?
Custody and administration, exchange of crypto for funds and crypto for crypto, operation of a trading platform, execution of orders, placing, transfer services, reception and transmission of orders, advice on crypto-assets and portfolio management. The combination you offer determines your Annex IV capital class.
Do I still need a local office and resident compliance officer?
A registered office in Estonia and EU effective management, meaning a place of effective management plus an EU-based director, are required. The legacy regime required an Estonian-resident AML officer; the exact MiCA substance wording, including the precise resident-director count, should be confirmed against the primary text.