Crypto-Asset Service Provider (CASP) Authorization in Slovakia Under MiCA (2026)

Send Request

Slovakia authorizes Crypto-Asset Service Providers (“CASPs”) under Regulation (EU) 2023/1114 on Markets in Crypto-Assets (“MiCA”). CASPs established in Slovakia may provide regulated crypto-asset services across the European Union through MiCA passporting procedures, subject to applicable notifications and local regulatory requirements.  

The competent supervisory authority is the National Bank of Slovakia (“NBS”), which became the single supervisory authority for crypto-asset services under Slovak MiCA implementation legislation.  

MiCA authorization in Slovakia may be suitable for:

  • crypto-asset exchanges,
  • custodial wallet providers,
  • OTC trading firms,
  • tokenization platforms,
  • Web3 infrastructure businesses,
  • institutional digital asset firms,
  • stablecoin payment infrastructure providers,
  • regulated fintech companies.

Unlike pre-MiCA VASP registration regimes previously used in parts of Europe, CASP authorization is a full supervisory licensing framework involving:

  • prudential requirements,
  • governance obligations,
  • safeguarding controls,
  • cybersecurity oversight,
  • AML/CFT compliance,
  • operational resilience supervision,
  • ongoing reporting obligations.  

Legal Framework

CASP authorization in Slovakia is governed primarily by:

  1. Regulation (EU) 2023/1114 (“MiCA”),
  2. Slovak Act No. 248/2024 Coll. on Certain Obligations and Rights in the Area of Crypto-Assets,
  3. EU anti-money laundering legislation,
  4. FATF guidance and Travel Rule obligations,
  5. Regulation (EU) 2022/2554 (“DORA”),
  6. ESMA and EBA supervisory guidance applicable to CASPs.  

Under MiCA, firms generally must obtain authorization from the competent authority of their home Member State prior to providing regulated crypto-asset services within the European Union.  

Slovak MiCA Implementation

Slovak Act No. 248/2024

Slovakia implemented key MiCA supervisory provisions through:

  1. Act No. 248/2024 Coll.

The legislation:

  1. designates NBS as the national competent authority,
  2. establishes supervisory powers,
  3. regulates procedural matters,
  4. implements sanctioning powers,
  5. governs transition arrangements,
  6. establishes national supervisory mechanisms.  

NBS now supervises:

  1. CASPs,
  2. ART issuers,
  3. EMT issuers,
  4. whitepaper notification procedures,
  5. ongoing prudential and conduct obligations.  

CASP Authorization Checklist

corporate structuring analysis

governance framework

safeguarding architecture

ICT & cybersecurity framework

DORA readiness assessment

Travel Rule procedures

risk management policies

complaints handling framework

prudential capital analysis

outsourcing agreements

financial projections

regulatory application package

Competent Authority

National Bank of Slovakia

The regulator assesses:

  • shareholder transparency,
  • governance quality,
  • operational substance,
  • prudential safeguards,
  • AML/CFT systems,
  • ICT resilience,
  • outsourcing arrangements,
  • safeguarding controls,
  • management suitability,
  • cybersecurity readiness.  

Applications are assessed both:

  • formally,
  • substantively.

MiCA authorization is not treated as a purely administrative registration process.  

MiCA Services Covered

CASP authorization may cover the following regulated services:

 

MiCA Service

Typical Business Activity

Custody & administration

Wallet custody and key management

Exchange services

Crypto-to-fiat and crypto-to-crypto exchange

Execution of orders

Order execution on behalf of clients

Reception & transmission

Order routing infrastructure

Transfer services

Crypto transfer operations

Placement services

Distribution of crypto-assets

Portfolio management

Managed crypto portfolios

Investment advice

Crypto-asset advisory services

Trading platform operation

Exchange or marketplace infrastructure

Under MiCA Articles 59–75, different crypto-asset services trigger different governance, safeguarding, and prudential obligations.  

Start your compliant crypto company in Slovakia today

Send Request

CASP Authorization Process in Slovakia

1. Preliminary Regulatory Assessment

A preliminary assessment typically evaluates:

  • target services,
  • token classifications,
  • custody exposure,
  • fiat settlement structure,
  • operational footprint,
  • outsourcing dependencies,
  • AML risk profile,
  • cross-border exposure.

This stage is critical because many crypto businesses underestimate the operational complexity of MiCA authorization, especially where:

  • custody,
  • stablecoins,
  • payment flows,
  • institutional onboarding,
  • cross-border servicing
    are involved.

2. Corporate Structuring

Applicants typically establish a Slovak legal entity, commonly:

  • s.r.o. (limited liability company).

NBS evaluates:

  • UBO transparency,
  • ownership integrity,
  • governance arrangements,
  • operational presence,
  • local management oversight,
  • shareholder suitability.

Opaque ownership structures or nominee arrangements may attract enhanced scrutiny.

3. Governance Framework

MiCA requires CASPs to maintain effective and prudent governance arrangements.

Applicants generally implement:

  • internal control systems,
  • risk management frameworks,
  • conflicts-of-interest procedures,
  • compliance monitoring,
  • complaints handling systems,
  • business continuity planning,
  • safeguarding procedures,
  • outsourcing controls.  

Regulators increasingly expect:

  • effective management oversight,
  • documented decision-making processes,
  • segregation of duties,
  • independent compliance functions,
  • operational accountability.

Pure “shell” structures without real operational substance may face supervisory resistance.

Practical Challenges Applicants Commonly Face

In practice, CASP applicants frequently underestimate:

operational substance expectations

safeguarding complexity

Travel Rule integration costs

banking friction

DORA compliance obligations

outsourcing scrutiny

governance documentation requirements

internal control expectations.

ICT, Cybersecurity & DORA Requirements

Operational resilience has become a core supervisory priority for EU financial regulators.

Under the Slovak supervisory framework, CASPs must comply not only with MiCA obligations but also with applicable DORA requirements relating to:

  1. ICT governance,
  2. incident response,
  3. cybersecurity monitoring,
  4. continuity planning,
  5. operational recovery,
  6. outsourcing resilience.  

NBS specifically confirms that CASPs must:

  1. maintain ICT continuity policies,
  2. report serious ICT incidents,
  3. ensure timely recovery capabilities,
  4. preserve critical operational data.  

Cybersecurity scrutiny has materially increased during 2025–2026.

Cybersecurity Audit Expectations

Slovak regulators increasingly focus on:

  1. cybersecurity governance,
  2. operational resilience,
  3. infrastructure integrity,
  4. safeguarding architecture.

In practice, applicants with:

  1. custody exposure,
  2. trading infrastructure,
  3. institutional onboarding,
  4. API integrations,
  5. outsourced ICT environments
    may face enhanced technical scrutiny during authorization review.

Operational resilience documentation is now a major component of serious CASP applications.

AML, Travel Rule & Transaction Monitoring

CASPs must maintain robust AML/CFT controls including:

  • customer due diligence (CDD),
  • enhanced due diligence (EDD),
  • sanctions screening,
  • transaction monitoring,
  • suspicious activity reporting,
  • blockchain analytics controls,
  • Travel Rule compliance.  

NBS confirms that CASPs remain subject to:

  • AML obligations,
  • anti-terrorist financing rules,
  • consumer protection obligations,
  • TFR requirements.  

Regulators increasingly scrutinize:

  • anonymous wallet exposure,
  • sanctions risks,
  • high-risk jurisdiction flows,
  • source-of-funds verification,
  • fiat onboarding controls.

Safeguarding of Client Assets

CASPs providing custody or exchange services generally must implement:

  1. segregation of client assets,
  2. wallet security controls,
  3. private key protection,
  4. reconciliation procedures,
  5. operational resilience safeguards,
  6. incident response procedures.  

Safeguarding failures may result in:

  1. sanctions,
  2. remediation measures,
  3. operational restrictions,
  4. authorization withdrawal.

MiCA materially increases safeguarding expectations compared to earlier VASP regimes.

Prudential Capital Requirements

Under MiCA Articles 67–69, CASPs must maintain prudential safeguards and minimum own funds depending on the services provided.  

CASP Activity

Indicative Prudential Requirement

Reception & transmission of orders€50,000
Execution / exchange services€125,000
Custody / trading platform operation

€150,000+

Additional prudential obligations may apply based on:

  • operational scale,
  • fixed overhead calculations,
  • safeguarding exposure,
  • outsourcing dependencies,
  • business complexity.

These are not merely “share capital” requirements. Regulators assess broader prudential resilience.

MiCA Transitional Regime in Slovakia

Slovakia shortened the MiCA transitional period to 12 months.  

Businesses previously operating under local crypto trade licensing or VASP structures generally must obtain MiCA authorization in order to continue regulated operations beyond the applicable transition deadlines.  

The transition regime became one of the most significant operational issues for European crypto businesses during 2025–2026.  

Banking for Slovak CASPs

MiCA authorization does not guarantee banking access.

Banks and EMIs typically assess:

  1. AML maturity,
  2. governance quality,
  3. ownership transparency,
  4. source of funds,
  5. transaction profile,
  6. sanctions exposure,
  7. operational activity,
  8. jurisdictional risk.

Enhanced due diligence (EDD) is standard for crypto onboarding.

Many crypto firms initially rely on:

  1. EMIs,
  2. PSPs,
  3. fintech payment infrastructure,
    before establishing broader banking relationships.

Stablecoins, EMTs & Payment Structures

MiCA distinguishes between:

  1. EMTs (electronic money tokens),
  2. ARTs (asset-referenced tokens),
  3. other crypto-assets.

Crypto businesses combining:

  1. stablecoin settlement,
  2. fiat onboarding,
  3. payment services,
  4. crypto custody
    may face overlapping MiCA and PSD2 regulatory considerations.

Industry discussions increasingly focus on dual-licensing complexity involving:

  1. CASP authorization,
  2. EMI licensing,
  3. payment institution structures.  

This is particularly relevant for:

  • stablecoin payment providers,
  • crypto cards,
  • fiat ramps,
  • treasury infrastructure platforms.

Practical Challenges Applicants Commonly Face

In practice, CASP applicants frequently underestimate:

  • operational substance expectations,
  • safeguarding complexity,
  • Travel Rule integration costs,
  • banking friction,
  • DORA compliance obligations,
  • outsourcing scrutiny,
  • governance documentation requirements,
  • internal control expectations.

Cross-border structures relying heavily on outsourced operations or minimal EU presence may face enhanced supervisory review.

Common Reasons CASP Applications Are Delayed or Rejected

Regulators frequently identify:

  1. weak AML frameworks,
  2. inadequate governance,
  3. unrealistic financial projections,
  4. insufficient cybersecurity controls,
  5. unclear ownership arrangements,
  6. poor safeguarding architecture,
  7. unsupported outsourcing models,
  8. lack of operational readiness,
  9. insufficient local oversight.  

Strong regulatory preparation materially improves authorization outcomes.

EU Passporting

A CASP authorized in Slovakia may passport services throughout the European Union under MiCA notification procedures.

This may enable:

  1. cross-border onboarding,
  2. EU-wide service expansion,
  3. multi-jurisdiction operations,
  4. scalable European infrastructure.

However, local obligations may still apply regarding:

  1. consumer protection,
  2. marketing restrictions,
  3. AML reporting,
  4. tax obligations,
  5. financial promotions.

Slovakia vs Other EU MiCA Jurisdictions

Jurisdiction

Competent Authority

Market Positioning

Typical Profile

Slovakia

National Bank of Slovakia

Emerging MiCA jurisdiction

Fintech & infrastructure

Lithuania

Bank of Lithuania

Established fintech ecosystem

Crypto startups

Estonia

Financial Intelligence Unit

Mature AML supervision

Digital businesses

Germany

BaFin

Institutional regulatory environment

Institutional firms

France

AutoritГ© des marchГ©s financiers

Advanced supervisory framework

Regulated exchanges

CASP Authorization Timeline (2026)

StageTypical Duration
Regulatory assessment2–4 weeks
Corporate structuring2–6 weeks
Documentation preparation1–3 months
Regulatory review4–8+ months
Total project horizon6–12+ months

Complex structures involving:

  • custody,
  • stablecoins,
  • institutional clients,
  • payment flows,
  • extensive outsourcing
    may require longer supervisory review periods.

About Our Regulatory Practice

Our practice focuses on:

  1. MiCA authorization,
  2. CASP transition projects,
  3. AML/CFT remediation,
  4. crypto governance,
  5. DORA readiness,
  6. safeguarding reviews,
  7. Travel Rule implementation,
  8. fintech licensing,
  9. cross-border EU regulatory structuring.

We support clients with:

  1. CASP readiness assessments,
  2. regulatory gap analysis,
  3. governance structuring,
  4. operational framework preparation,
  5. application management,
  6. regulator communications,
  7. passporting strategy,
  8. compliance remediation.

Frequently Asked Questions

Yes. Foreign ownership is generally permitted, subject to transparency, UBO disclosure, and suitability assessments.

While MiCA does not impose a universal nationality requirement, regulators typically assess whether the applicant demonstrates sufficient operational substance and effective management oversight within the EU.

Yes, but outsourcing remains subject to regulatory scrutiny. CASPs generally remain fully responsible for outsourced functions and must maintain effective oversight and control arrangements.

Yes. Crypto exchanges operating within the EU generally require CASP authorization where regulated crypto-asset services are provided.

Yes. MiCA establishes separate rules for:

  • EMTs,
  • ARTs,
  • other crypto-assets.

Stablecoin structures may trigger additional obligations beyond standard CASP authorization.

Potentially yes. CASPs operating regulated ICT systems or relying on critical infrastructure providers may need to comply with DORA operational resilience requirements.

Businesses operating solely under legacy VASP or local trade regimes may be required to cease regulated crypto-asset services unless MiCA authorization or transitional protections apply.  

Get Your Slovakia Crypto License with Full Legal Support

  1. Schedule a regulatory assessment consultation.
  2. Receive capital and service-category structuring analysis.
  3. Prepare a MiCA-compliant documentation package.
  4. Submit and manage the authorization process before the National Bank of Slovakia.
  5. Launch compliant EU-wide crypto operations.

A properly structured Slovakia CASP authorization provides regulatory certainty, EU passporting access, and scalable infrastructure for compliant crypto operations in 2026.