MiCAR - frequently asked questions

Page last updated 2 September 2025

Authorisations

My firm is considering applying for a CASP authorisation under MiCAR, what action should be taken?

The Central Bank encourages early engagement with applicants, which will include meetings where the applicant firm can outline its business model and strategy for MiCAR. We will outline our authorisation and supervisory expectations at these meetings.
Virtual Asset Service Providers (VASPs) that are registered with the Central Bank are requested to engage with their supervisor to arrange a crypto-asset service provider (CASP) engagement meeting.
Other existing regulated entities are requested to engage with their lead supervisor to arrange a CASP early engagement meeting.
Firms that have no current Central Bank contact should engage with our Innovation Hub in the first instance.

How long will a CASP application take?

The full process for a CASP application will be dependent on the nature, scale and complexity of the firm and the extent of preparedness of the applicant.
It is important to distinguish between the pre-application engagement phase and the formal application phase.
The pre-application engagement phase will gather the information required to allow the applicant firm proceed to the formal application process.
Following receipt of a formal application for authorisation, the Central Bank will be required to adhere to the timelines for assessment of the application set out in Article 63 of MiCAR. As with all applications, the length of the application process will be dependent on the quality of the application submitted and the quality of the engagement and information provided by the firm.
The completeness of the application and the ability of the firm to engage in robust discussions on their proposal will have a critical impact on the authorisation timelines.
In general, based on our experience, the best-prepared firms which are willing to engage transparently in the authorisation process proceed through the process more efficiently.

What is the notification process for a Credit Institution, MiFID investment firm, Electronic Money Institution, an in-scope UCITS Management Company or Alternative Investment Fund Manager which is proposing to provide crypto-asset services?

Firms considering notifications must consider whether, in fact, prior approval is required under their existing authorisation/supervisory regime.
If in doubt, please engage with your supervision team in the first instance.
This step must be completed before a CASP notification form can be submitted to the Central Bank. MiCAR prescribes a 40 working day notice which is extendable if the Central Bank requires further information.
This additional information must be requested by the Central Bank within the first 20 working days.
Firms which have notified the Central Bank of their intention to provide relevant crypto-asset services should follow all existing sectoral guidance and expectations relating to their licence, as well as following guidance and expectations relating to the crypto-asset services they are offering.

Is there a simplified authorisation assessment procedure in place for firms that are seeking other authorisations in addition to a CASP authorisation under MiCAR?

It is not uncommon, across all the sectors that the Central Bank regulates, for a firm to seek more than one licence to operate their business. Sometimes the licences are sought simultaneously, and sometimes it happens over time as a firm’s business develops and expands. In either scenario, the Central Bank will assess the relevant application under the applicable regime which governs that licence thereby necessitating two distinct assessment processes within the Central Bank.
There is a degree of overlap, both in terms of the information which is required to be submitted by the applicant firm, and the judgment which the Central Bank will bring to issues such as substantive presence or resources (amongst others).
The Central Bank ensures that there is transparency and sharing of information between the two parallel application processes to gain as much efficiency as possible. The relevant authorisation teams work closely together. Where any firm is considering applying simultaneously for a CASP license and an EMI licence it should, once it has a concrete proposal and has taken the necessary preparatory steps, contact either the Central Bank’s PIEMI Authorisations team or the CASP Authorisations team to arrange a meeting where further detail on process and expectations will be shared by both teams.

Expectations

How will the Central Bank’s authorisation and supervisory expectations reconcile with the European Supervisory Authorities’ convergent approach to MiCAR authorisation and supervision across the EU 27?

The Central Bank’s expectations and processes were developed based on the MiCAR level 1 text and the supporting technical standards and guidelines that are currently nearing finalisation.
The Central Bank is working with EU colleagues through the European Supervisory Authorities to build convergence around authorisation and supervisory expectations and processes.

The timeline to obtain a CASP authorisation is tight. How will the Central Bank ensure an efficient process when dealing with firms that are already registered as a VASP or authorised to undertake other regulated services?

The Central Bank expects that some of the existing VASP registered firms will seek to be authorised as CASPs under MiCAR.
VASPs seeking to become MiCAR authorised CASPs must go through the full CASP application process. As with all authorisations, an applicant will be subject to a robust assessment to ensure it will meet both its obligations under MiCAR and our supervisory requirements.
Where there is a pre-existing relationship between the regulated entity and the Central Bank, all supervisory knowledge will be taken into account as part of any authorisation assessment.

What are the Central Bank’s expectations in relation to substance?[1]

Firms are expected to demonstrate substance and autonomy in Ireland and be led by a local crypto-competent Executive and Board with a strong grasp of the local regulatory environment. Firms must maintain robust local governance and risk management arrangements.

In practical terms, this means:

The local Board and the Executive have full oversight and understanding of all of the firm’s activities and its risks, has independent decision-making, and is of sufficient size and expertise to achieve that outcome.
Regardless of any outsourcing arrangements, and in line with our existing Cross-Industry Guidance on Outsourcing, the local Board and the Executive have full responsibility for risks stemming from outsourcing and outsourcing risk must be effectively managed locally.
We expect the Irish authorised CASP firm to be in a position to robustly discuss any aspect of its business model and strategy, how it operates on a daily basis, and most importantly that the Irish authorised CASP firm can give a full assessment of its risk profile at any time.
Where we have concerns that a firm will not operate in this manner and it would ultimately impact on our ability to supervise the firm, it will not be authorised.

[1] Consider Section 4.2 of ESMA’s Supervisory Briefing - Authorisation of CASPs under MiCA, 31/01/25

What is the Central Bank’s position on dual-hatting of PCF/CF role holders between an EMI and a CASP within the same group?

Dual-hatting may be permitted on a case-by-case basis depending on the nature, scale and complexity of the applicant’s proposal and insofar as there is no blurring of the three lines of defence.
Any proposal for dual-hatting shall be accompanied by a detailed rationale setting out how the proposed role holder shall have sufficient capacity, and the appropriate qualifications/experience, to effectively perform the proposed roles.

How will the Central Bank’s supervisory expectations/risk appetite be applied to firms that target institutional clients only?

The crypto sector has always exhibited extreme volatility and investments are often highly speculative in nature. Consumers and investors will face risks from this high price volatility, along with risks from security issues and fraud.
The Central Bank’s supervisory approach differentiates between consumers and professional investors. We are sceptical of un-backed crypto-assets that have no utility and are heavily marketed for speculation to retail consumers.
The target customer base is a key element shaping our view of risk. Where we see higher risks in the products offered to customers, we will have higher expectations of a firm’s ability to manage these risks.

What requirements will the Central Bank place on CASPs regarding the submission of Registers of Information (RoIs) in relation to the use of ICT services?

Financial entities subject to the Digital Operational Resilience Act (DORA) (Regulation (EU) 2022/2554) will be required to submit RoIs in relation to all contractual arrangements on the use of ICT services provided by ICT third-party service providers, which they maintain in accordance with DORA Article 28(3). From 2026 onwards, the formal submission of RoIs will take place in Q1 each year.
Financial entities, including CASPs, shall report at least yearly to the Central Bank on the number of new arrangements on the use of ICT services, the categories of ICT third-party service providers, the type of contractual arrangements and the ICT services and functions which are being provided i.e. the (RoIs). .
In addition, financial entities shall make available to the Central Bank, upon its request, the full RoIor, as requested, specified sections thereof.
The next formal submission of RoIs is scheduled for Q1 2026, CASPs should commence preparation of the RoIs as soon as possible, to ensure they are in a position to submit a compliant RoI within the scheduled timelines.

What is the minimum qualification, experience and CPD required for staff giving information on crypto-asses and crypto assets services to clients?

ESMA has developed guidelines to assess the knowledge and competence of staff providing advice or information about crypto-assets or crypto-asset services and their application. These guidelines assist CASPs in meeting their obligations to act in the best interest of their clients.

Policy

Is there a simplified authorisation assessment procedure in place for firms that are already operating as VASPs?

Article 143(6) MiCAR provides an option for Member States to apply, (for a limited period of 18 months), a simplified procedure for applications for an authorisation submitted by an entity that already provides crypto-asset services.
This simplified procedure is only applicable when the following conditions are fulfilled:
- The entity was authorised to provide crypto-asset services under national law before 30 December 2024 and
- A NCA ensures that Chapters 2 and 3 of Title V of MiCAR are complied with prior to granting any authorisation.
Under the Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) framework, VASPs are registered, rather than authorised as prescribed under Article 143(6) MiCAR.
The VASP regime in Ireland is an AML/CFT framework and is a registration process and not an authorisation process. This VASP regime is not equivalent to MiCAR and is not sufficient for the simplified procedure envisaged in MiCAR.
Only applicant firms which are not VASPs in Ireland must complete the Anti-Money Laundering, Counter-Terrorist Financing and Financial Sanctions Pre-Authorisation Risk Evaluation Questionnaire.

Is it possible for stakeholders to continue to provide crypto-asset services for ARTs and EMTs which are not compliant with MiCAR?

From 30 June 2024, MiCAR is applicable to issuers, offerors and persons seeking admission to trading of Asset–Referenced Tokens (ARTs) and Electronic Money Tokens (EMTs).
Accordingly, any person who is or is intending to commence any such ART or EMT activities should be mindful of the requirements under MiCAR.
In a July 2024 statement, the EBA noted that stakeholders providing crypto-asset services for ARTs/EMTs should as soon as possible establish procedures to assess the compliance of those ARTs/EMTs with MiCAR.
Furthermore, the EBA has said that such stakeholders should from 30 June 2024 refrain, from carrying out services that constitute offering to the public, seeking admission to trading or placing any ARTs/EMTs which are not compliant with MiCAR.
The Central Bank expects that firms listing any stablecoins that are not compliant with MiCAR to implement these actions as soon as possible and they should aim to complete this work by end Q1 2025.

What is the Central Bank’s position on CASPs utilising trading and execution venues in non-EU jurisdictions?

ESMA issued an opinion to address the risks presented by global crypto firms seeking authorisation under MiCAR for part of their activities (crypto brokerage) while keeping a substantial part of their group activities (intra-group execution venues) outside the EU regulatory scope.ESMA recommends that NCAs are vigilant during the authorisation process and assess business structures of global firms to ensure that they do not bypass obligations established in MiCAR, to protect consumers and ensure transparent and orderly functioning of crypto markets.²
In line with the ESMA opinion the Central Bank will be assessing this on a case-by-case basis, outlining the specific requirements that should be met regarding best-execution, conflicts of interest, the obligation to act honestly, fairly and professionally in the best interests of clients and the obligation relating to the custody and administration of crypto-assets on behalf of clients.

[2] ESMA Opinion on Broker Models – July 2024

Does a MiCAR licence allow CASPs to passport across the EU, similar to other licences?

A CASP may provide crypto-asset services on a cross-border basis, subject to a CASP submitting complete information to its home NCA, as specified below:

A list of the member states in which it intends to provide crypto-assets services;
The crypto-asset services which it intends to provide on a cross-border basis;
The starting date of the intended provision of the crypto-asset services; and
A list of all of the other activities not covered by MiCAR which the CASP provides.

Please refer to Article 65 MiCAR for further details regarding the timing of the process.

Does the Consumer Protection Code (“the Code”) apply to CASPs/ EMIs/ CIs /other RFSPs when providing crypto–asset services and/or when issuing or offering ARTs/EMTs?

The Code applies to regulated activities of regulated entities operating in Ireland including regulated financial service providers authorised in another EU or EEA member state when providing services in Ireland on a branch or cross-border basis.
The Code will apply in full to inward passporting CASPs/EMIs/CI/other RFSPs when they are providing crypto–asset services or when issuing or offering ARTs/EMTs.
This is except in instances where there is an overlap with an equivalent requirement contained in MiCAR or where a provision in the Code is not relevant due to the nature of the firm’s business model.
An addendum to the Code was published in December 2024. The addendum sets out the relevant parts of the Code that applies to activities regulated under MiCAR.

The revised Consumer Protection Code took effect on 24 March 2026 and will also apply to all activities regulated under MiCAR.

VASPS

Can a VASP registered with the Central Bank, which is not seeking a MiCAR licence in Ireland, continue to operate under the grandfathering provisions of MiCAR?

Where a VASP was registered and operating as a VASP on 30 December 2024, they may avail of the transitional arrangements under MiCAR, but as per the current VASP regime, they do not have any passporting rights under the Irish VASP regime to provide their services in other jurisdictions. Any VASP not intending to apply for a MiCAR authorisation should establish clear wind-down plans and make arrangements to cease providing services by the end December 2025.

Title II notifications

Can you provide an overview of the Central Bank’s notification procedure for crypto-assets which are not ARTs or EMTs?

The Title II notification procedure follows the following steps:

Title II Issuer (the “Issuer”) contacts the Central Bank to express their intent to notify ESMA of their white paper.
The Central Bank creates a limited access request via Kite works and shares a tailored access link with the Issuer.
Once documentation is submitted, the Central Bank confirms receipt and notifies the Issuer that the 5 day review of notification documents has commenced.
Any amendments/modifications during this period shall be coordinated between the Central Bank and the Issuer.
The Central Bank carries out an assessment of submitted notification documents within 5 days of receipt of the relevant documents.
If the Central Bank is satisfied with the notification, the white paper and associated documents are transmitted to ESMA and the relevant Host NCAs.

Complaints Handling

How do I make a consumer complaint?

Individual complaints against regulated financial services firms or complaints about regulated financial services, must first be raised with the regulated financial services firm concerned to provide it with an opportunity to respond to your complaint. Under the Central Bank’s Consumer Protection Code, all regulated financial services firms must have a complaints handling procedure in place.

If you are not happy with the response from the financial services firm, you have the right to refer the complaint to the Financial Services and Pensions Ombudsman (“FSPO”).

The FSPO is the independent service that helps resolve individual complaints between customers* (which includes individuals and also sole traders, partnerships and companies with a turnover not exceeding €3 million) and regulated financial services providers.

Details regarding the FSPO, including how to submit a complaint, are available on the FSPO’s website.

Please see the Central Bank's Consumer Hub for further information on making a complaint against a financial service provider.

* For further information on what is meant by “customer” in this context see the definition of “complainant” in Section 2(1) of the Financial Services and Pensions Ombudsman Act 2017.

How do I submit information regarding an alleged infringement of MiCAR (Regulation (EU) 2023/1114)?

Where a person wishes to report an actual or potential infringement under Markets in crypto-assets Regulation (Regulation (EU) No. 2023/1114) they may make the report through the following channels.

E-mail: [email protected];
Phone: 1800 130 014: Calls are answered Monday to Friday 9.30 - 17.00;
Post: Protected Disclosures Desk, Central Bank of Ireland, PO Box 559, Dublin 1, D01 W920.

Include “MiCAR Alleged Infringement” is in the subject line of your correspondence with the Central Bank.

Read more on the Central Bank’s complaint handling procedures under Article 108 MiCAR, including information on what you should include if you are contacting the Central Bank.

See also:

Markets in Crypto-Assets Regulation (MiCAR)