Skip to content
iGaming Payment SolutionsiGaming Payment Solutions

Pillar Guide

MiCA CASP Licenses: Which Crypto Payment Processors Hold One, Who Went Dark

The MiCA transitional period ended July 1, 2026. We checked all twelve crypto payment processors in our catalog against the live ESMA register: three hold a real CASP license, one is on the register through a route that is not a CASP, and the rest are pending, dark, or offshore.

Editorial Team

Verified

iGaming Payment Solutions

Deep-diveUpdated

On July 1, 2026, the eighteen-month runway that let crypto firms keep serving EU clients on their old national registrations ran out. A gambling operator does not need a MiCA license to accept crypto, but the processor taking those deposits does, and after the cliff an unauthorized processor stops being a gap in someone else's paperwork. It becomes the operator's own regulatory and counterparty exposure, because the clients of an unauthorized crypto-asset service provider get none of MiCA's safeguards if that provider freezes, fails, or has its EU access pulled.

Every "MiCA-ready" badge on a processor's homepage is a marketing claim until it appears on a regulator's register. This is the register check. We ran all twelve crypto payment processors in our catalog against the ESMA interim CASP register and the national authorities that feed it, as of early July 2026, and resolved each one to a verified status rather than a press release. Three hold a genuine license. One sits on the register through a route that is not a CASP license at all. The other eight are pending, dark, or offshore, and where our own comparison pages had described a status more loosely than the register supports, this audit corrects the record.

The eighteen-month clock behind the cliff

Nothing new happened on July 1 except that a countdown reached zero. MiCA's rules for crypto-asset service providers, set out in Title V of Regulation (EU) 2023/1114, applied from December 30, 2024. Article 143 let member states grandfather firms that were already operating under national crypto rules, for a transitional window capped at eighteen months. December 30, 2024 plus eighteen months lands on July 1, 2026, and that outer boundary is not extendable by any national regulator. A firm that had not secured its CASP authorization by then lost its legal basis to serve EU crypto clients, whatever its old registration said.

Several countries closed the window early. The Netherlands cut it to roughly six months, ending June 30, 2025, a full year ahead of the outer deadline, and Finland, Latvia, Hungary and Slovenia took the same short path. Lithuania ended its own VASP-to-CASP transition on January 1, 2026. The practical effect is that "we hold a national crypto registration" quietly stopped being a lawful basis to serve EU clients on different dates in different states, and for some processors that date had already passed while their marketing still read as business-as-usual.

The regulators were explicit about what unauthorized firms had to do. On June 23, 2026, ESMA called on unauthorized CASPs to wind down in an orderly way: stop onboarding EU clients, cease marketing, and let existing clients only sell, transfer, or close positions. The same statement warned that anyone using an unauthorized provider is outside MiCA's protections. For an operator, that is the sentence that matters, because it puts the consequence of the processor's paperwork onto the operator's players.

1 July 2026

The hard MiCA CASP cliff

Eighteen months after Title V applied on 30 December 2024, per Article 143 of Regulation (EU) 2023/1114. A non-extendable outer boundary. The Netherlands, Finland, Latvia, Hungary and Slovenia closed a year early on 30 June 2025; Lithuania on 1 January 2026.

Three things get called a "MiCA license." Only one is a CASP.

Most coverage of this topic fails on a single distinction, and it is worth getting right before reading any register, because the register itself mixes the categories together. Three different authorizations all get described as "having a MiCA license," and they are not interchangeable.

A CASP authorization is the Title V license to provide crypto-asset services: custody, exchanging crypto for funds or for other crypto, executing orders, transfers, and so on. This is what a payment processor taking casino deposits in crypto actually needs. It is granted by a national authority, it carries an EEA passport, and the entity name appears on the ESMA register with its service list.

An e-money-token authorization is a different regime entirely, under Titles III and IV. A fiat-pegged stablecoin is an e-money token, and issuing one requires an e-money institution or credit-institution license, not a CASP. This is the box Circle sits in: USDC and EURC are compliant EMTs because Circle's French entity, Circle Internet Financial Europe SAS, holds an e-money license from France's ACPR, granted July 1, 2024. Calling that "a CASP" is simply wrong, and the confusion is exactly why the USDT story later in this article gets misattributed to the CASP cliff.

A credit-institution notification is the third route, and it is the one that trips up register readers. Under Article 60, a bank that is already authorized as a credit institution can provide crypto-asset services after a simple notification to its regulator, without going through the full CASP authorization. Article 60(10) expressly exempts those institutions from the Article 63 CASP process. The CSSF spells this out plainly: credit institutions provide crypto services "upon a simple notification." ESMA folds these notifications into the same register file as CASP authorizations, so an entity can be "on the register" and lawfully settling crypto while holding no CASP license at all. That is not a loophole. It is a deliberately different, and arguably stronger, basis. But it is not a CASP, and treating the two as the same thing is how a comparison page ends up asserting something the register does not.

The last trap is the easiest: a legacy national VASP or AML registration is not a MiCA license of any kind. An old Estonian FIU registration, a Lithuanian FCIS virtual-currency-operator entry, an Italian OAM listing, a Dutch Wwft AML registration: every one of these was a pre-MiCA national regime, and every one of them expired as a service basis at the transitional cliff. A firm resting on one of these after July 1 is unauthorized, no matter how current the registration certificate looks.

The register: who actually holds a CASP

The table below is the audit. Each processor is checked against the ESMA interim register and the national authority that would have granted or refused it, with the most authoritative source linked per row. Status is as of July 3, 2026.

ProcessorLicensed entityHome authorityMiCA status (3 Jul 2026)Source
CoinGateUAB DecentralizedBank of LithuaniaCASP authorized (Title V), 16 Dec 2025LB register
Nuvei / SimplexNuvei Liquidity, UABBank of LithuaniaCASP authorized (Title V), 16 Dec 2025LB register
BVNKSystem Pay Services (Malta) LtdMFSA (Malta)CASP authorized (Title V), 13 Feb 2026AMF white list
Banking CircleBanking Circle S.A.CSSF (Luxembourg)Credit institution via Art. 60 notification (not a CASP), register entry 16 Feb 2026CSSF
CoinsPaidDream Finance OÜEstonia (under review)Pending applicant (not authorized)ESMA register
B2BINPAYB2BINPAY Italy S.r.l.Italy (application disclosed)Pending applicant (not authorized)Consob/BdI grants
CoinPaymentsUAB Star VenturesNo CASP: lapsed Lithuanian VASP registrationcasptracker.eu
Request NetworkRequest Technologies UABWent dark: Lithuanian VASP lapsed, now protocol-onlyESMA register
BitPayBitPay B.V.No CASP: lapsed Dutch AML registration onlyDNB register
NOWPaymentsNOWPayments Ltd (Seychelles)No EU license: offshore, never registered in the EUAFM register
Coinflow LabsCoinflow Labs (US)No CASP: US-centric; Poland cannot grant oneWoźniak Legal
XAIGATEHoang Quan International LLCNo license anywhere: US (Texas) LLCcasptracker.eu

3 of 12

Of the crypto processors we audited hold a genuine CASP license

CoinGate, BVNK and Nuvei (Simplex) hold full Title V CASP authorizations. Banking Circle is on the ESMA register through the Article 60 credit-institution route, which is lawful but is not a CASP license. The other eight are pending, dark, or offshore.

Most of the catalog being unauthorized is not the real finding. The gap that matters is that "on the ESMA register" and "holds a CASP" are two different claims, and that gap is where an operator's due diligence has to sit.

What the three licensed processors actually hold, and what Banking Circle does not

The three genuine CASP holders are worth naming carefully, because the license sits in a specific legal entity, and the entity name rarely matches the brand on the homepage.

CoinGate's authorization is held by UAB Decentralized, granted by the Bank of Lithuania on December 16, 2025 and confirmed on the Lithuanian register. It covers custody, crypto-to-fiat and crypto-to-crypto exchange, and transfers, and it carries the EEA passport. CoinGate also holds a separate payment-institution license, which is additive and not the crypto authorization. One correction to our own hub copy: CoinGate is not Lithuania's first CASP, because Robinhood Europe took that spot in May 2025. CoinGate is the first Lithuanian-founded company to hold one, which is the accurate and still meaningful claim.

Nuvei's CASP is where the entity distinction matters most. The license belongs to Nuvei Liquidity, UAB, the subsidiary that operates the Simplex crypto business, again from the Bank of Lithuania on December 16, 2025 and passported into France per the AMF white list. It is not held by "Nuvei" broadly, and it is not the Nuvei group's e-money license. An operator running Nuvei for card acquiring and assuming that contract covers crypto services is reading the wrong authorization.

BVNK's CASP is held by System Pay Services (Malta) Limited, authorized by the MFSA on February 13, 2026 and passported across roughly thirty EEA states, as its entry on the AMF white list shows. The same corporate family also holds a Malta e-money license, and the two are distinct: the EMI lets it handle e-money, the CASP lets it provide crypto-asset services. Bundling them as one "MiCA license" is the same category error the previous section warned about.

ProviderScoreHQSettlementDeposit fee
CoinGateCoinGate6.2Vilnius, LithuaniaInstant~1%
NuveiNuvei8.8Montreal, CanadaT+7+Custom 1.5-3.5%
BVNKBVNK5.3London, UKVariesCustom (conversion all-in rate + tiered external transfer fees)
Banking CircleBanking Circle5.3LuxembourgInstantCustom wholesale

Banking Circle is the instructive case, because it is lawful and on the register yet does not hold a CASP. Banking Circle S.A. is a Luxembourg credit institution, and it provides crypto settlement through the Article 60 notification route rather than a Title V authorization, exactly as the CSSF describes for banks. It also issues EURI, a euro e-money token, which is a Title IV matter and again not a CASP. If an operator's compliance checklist has a box that reads "processor holds a CASP authorization," Banking Circle would fail that box while being one of the more robustly regulated options in the set. The right description is that it settles crypto as a bank under a notification, not that it holds a CASP license. Our own FAQ listed it alongside three CASP holders without that distinction, and this audit is the correction.

Who went dark

The other eight processors split into three shapes, and the differences matter for how much reliance an operator can place on each.

CoinsPaid did not disappear, but it lost its footing. Its legacy Estonian FIU registration, held by Dream Finance OÜ, voided at the cliff with no grace period, and its Lithuanian leg suspended crypto services around January 2026. Dream Finance has since filed a MiCA CASP application with Estonia's authority, disclosed on June 30, 2026, and put itself into a supervised restricted-activity mode: no new clients, no new accounts, no active EEA marketing while it waits. That is a defensible posture, and it may well end in a granted license, but a pending application is not authorization. Until the grant lands and the entity appears on the register, CoinsPaid is unauthorized for EU-facing crypto, and the accurate label for it is "pending applicant" rather than anything stronger. CoinsPaidCoinsPaid B2BINPAY is in the same pending box in Italy, and notably was not among the eight Italian firms Consob and Banca d'Italia authorized at the cliff.

NOWPayments never had an EU license to lose. It runs on offshore entities, NOWPayments Ltd in the Seychelles and a St. Vincent company behind the ChangeNOW brand, with an Amsterdam operating team that never produced a Dutch CASP grant. Post-cliff, its custodial settlement flow serving EU-facing merchants is unauthorized activity, and its own homepage makes no MiCA claim. XAIGATE is the thinnest case in the catalog, a Texas LLC with no CASP, no EU registration, and no US money-transmitter license either. A second correction while we are here: XAIGATE's current terms describe payments received to "addresses controlled by XAIGATE" and credited to a "Merchant Settlement Account," which is a custodial model, not the non-custodial one our profile implied. Custody makes CASP scope more likely, not less.

BitPay is the quietest failure, because its EU entity is still standing. BitPay B.V. in Amsterdam holds only a Dutch Wwft AML registration, and DNB's own register states that this listing is not prudential or conduct supervision. It is an AML registration, not a CASP. The Dutch window closed June 30, 2025, BitPay never obtained an AFM CASP license, and so its EU crypto offering now rests on a lapsed registration with nothing behind it. The US parent's FinCEN and NYDFS credentials are real and irrelevant to MiCA. This is the case our catalog described as "N/A (US)," which understated it: there is a live EU entity, and it is unauthorized, not out of scope. CoinPayments sits on a lapsed Lithuanian registration through UAB Star Ventures and is still soliciting EU merchants without a CASP. Request Network's only EU-regulated leg lapsed at Lithuania's January cutoff, and its June 2026 iGaming crypto product is a non-custodial protocol run by a Swiss foundation, outside MiCA's authorization perimeter and fine for offshore setups but not for a or book. Coinflow Labs is US-centric and could not get a CASP in its EU domicile of record even if it wanted one, because Poland's crypto-market law was vetoed three times and the country still has no authority able to grant one.

The USDT delisting is a different regulation

The most-cited "MiCA killed crypto in Europe" data point is the disappearance of USDT from EU exchanges, and it is routinely blamed on the July 2026 CASP cliff. It belongs to the other regime. Tether's USDT is an e-money token, so under Titles III and IV it must be issued by an EU-authorized e-money institution or credit institution, and Tether never sought that authorization. A MiCA-licensed venue that kept listing USDT for EEA users was risking its own license, so the venues delisted.

The timing proves the attribution. The delistings clustered around MiCA's stablecoin rules, which applied from December 30, 2024, not around the CASP cliff eighteen months later. Coinbase announced removal of non-MiCA stablecoins for EEA users on December 3, 2024, effective the end of March 2025. Kraken went sell-only, and Binance delisted a batch of stablecoins including USDT, through the first quarter of 2025. USDT trading volume on EU venues fell by more than seventy percent between the fourth quarter of 2024 and the second quarter of 2025, per Kaiko data, while USDC roughly doubled over the same span. USDT is not banned for a person to hold, transfer, or withdraw. It just cannot be offered to EEA users by a compliant platform, which is a narrower and more accurate statement than "USDT is illegal in Europe."

70%+ drop

USDT trading volume on EU venues, Q4 2024 to Q2 2025

As compliant exchanges delisted USDT for EEA users, USDC volume roughly doubled. This is a Title III and IV e-money-token matter; the CASP cliff is a separate regime on a separate clock. Tether never sought EMT authorization; Circle's USDC and EURC did, through an ACPR e-money license.

The exchange-level fallout ran larger than the processors. Binance told EU users it would halt services from July 1, 2026 after withdrawing its Greek application, reportedly ahead of an expected rejection, and a long list of global exchanges were simply absent from the register as the cliff hit. Industry estimates put roughly eighty percent of currently operating exchanges failing to obtain a MiCA license. The register lists authorized entities only, so absence means not-granted, not merely "applied."

What CASP status changes at your cashier

If you take crypto deposits from EU players, your processor's authorization is now a line item in your own risk file, and it changes three concrete things.

It changes who you can lawfully route through. An EU-licensed book, or or a national EU regulator, is expected to use authorized payment partners, and after July 1 an unauthorized crypto processor is not that. The three CASP holders and the Article 60 bank in this audit can serve EU-licensed operators today. The pending applicants can serve nobody new in the EU until they are granted. The offshore and dark cases are fit for a Curaçao or Anjouan setup that is not underwriting against EU authorization in the first place, and not for a regulated EU cashier. That is a sorting an operator can act on immediately.

It changes your counterparty exposure. ESMA's own guidance is that clients of an unauthorized provider get none of MiCA's safeguards, so if an unauthorized processor freezes balances, fails, or has its access pulled during a wind-down, the operator carries the loss and the player complaints with no regulatory backstop. A CASP authorization does not make a processor solvent, but it puts the entity inside a supervised regime with capital and custody rules, which is a different risk profile from an offshore entity resting on a registration that expired.

It changes what you can verify yourself, and you should. The ESMA register is public, the national authority registers behind it are public, and checking a processor takes minutes. Look up the specific legal entity, not the brand, because the license lives in the entity: "Nuvei Liquidity, UAB," not "Nuvei"; "System Pay Services (Malta) Limited," not "BVNK." Confirm the service list actually covers what you use the processor for, confirm the passport reaches your market, and treat "MiCA-ready," "pursuing MiCA," and "MiCA-compliant" as marketing until the register says authorized. The full buying decision, fees and custody and coin coverage, still runs through our crypto payment gateways guide; this audit is the layer underneath it, the check on whether the processor you like is legally allowed to take the deposit at all. For the US mirror of this question, where the GENIUS Act splits stablecoins for US operators on a different clock, and for the AML data that has to ride along each transfer regardless of authorization, the FATF Travel Rule article covers the companion regime. Authorization is who may operate; the Travel Rule is what must travel with the money; the compliance guide ties both into the cashier.

The cliff did not thin the field so much as sort it. Three processors in our catalog cleared the bar cleanly, one cleared a different bar that is easy to misread, and the rest are on a spectrum from "waiting for a grant" to "never had EU standing." An operator who reads the register by entity instead of by logo can tell those apart in an afternoon, and after July 1, 2026, that reading is part of the job.

Sources (22)

  1. 01ESMA: Markets in Crypto-Assets Regulation (MiCA) hub and interim CASP register
  2. 02ESMA: interim register of authorised CASPs (CASPS.csv)
  3. 03ESMA: Statement on MiCA transitional measures (December 2024)
  4. 04Regulation (EU) 2023/1114 (MiCA) full text on EUR-Lex
  5. 05AMF: ESMA calls on unauthorised crypto-asset service providers to wind down (23 June 2026)
  6. 06AMF: DASP/CASP white list, System Pay Services (Malta) Limited (BVNK)
  7. 07AMF: DASP/CASP white list, Nuvei Liquidity UAB
  8. 08Bank of Lithuania: financial market participants register, UAB Decentralized (CoinGate)
  9. 09Bank of Lithuania: financial market participants register, Nuvei Liquidity UAB
  10. 10CSSF: Crypto-Assets Service Providers, credit institutions provide crypto services upon notification under Article 60
  11. 11CSSF: MiCA transition period for VASPs ended on 1 July 2026
  12. 12De Nederlandsche Bank: public register, BitPay B.V. (Wwft AML registration, not a CASP)
  13. 13AFM: register of authorised crypto-asset service providers (Netherlands)
  14. 14casptracker.eu: ESMA-derived EU CASP register mirror
  15. 15BeBeez International: eight Italian firms receive MiCAR authorisation from Consob and Banca d'Italia (1 July 2026)
  16. 16Woźniak Legal: Poland's MiCA deadline, no CASP law and no licenses after 1 July 2026
  17. 17Adams & Smith: Lithuania extended the VASP-to-CASP transitional period to 1 January 2026
  18. 18Circle: first global stablecoin issuer to comply with MiCA (USDC and EURC as EMTs)
  19. 19Ledger Insights: Circle lands e-money license from France's ACPR
  20. 20Decrypt: Coinbase Europe delists USDT and other non-MiCA stablecoins for EEA users
  21. 21CoinDesk: Binance tells EU users it will no longer provide services after failing to secure a MiCA license
  22. 22BVNK: BVNK secures MiCA licence from the MFSA