The Legal Framework: MiCA, the Digital Finance Act, and the CNB
Crypto-asset service provision in the Czech Republic is now governed by a two-layer framework. At the EU level, Regulation (EU) 2023/1114 (MiCA) became fully applicable on 30 December 2024, establishing directly binding rules for crypto-asset service providers across all 27 member states. Because MiCA is an EU Regulation — not a Directive — it required no transposition into Czech law. It applies as written, with uniform capital thresholds, authorisation procedures, and conduct-of-business rules. What Czech legislation had to do was something narrower but essential: designate a national competent authority (NCA), set out transitional provisions for firms already operating, and adapt domestic enforcement procedures.
That domestic layer is Act No. 31/2025 Coll. (the Digital Finance Act, effective 15 February 2025), which designated the Czech National Bank (CNB) as the sole NCA for MiCA supervision in the Czech Republic. Before MiCA, crypto businesses operated under a light-touch trade-licence regime: service providers were registered under business activity code 81, Annex 4 of the Trade Licensing Act, and the CNB had no supervisory role over them as crypto firms. That regime is now superseded. Firms that previously held only a trade licence must obtain a full CASP authorisation under Article 63 MiCA to continue regulated activity. Critically, since August 2025, the CNB accepts CASP applications only from legal entities — natural persons can no longer apply for authorisation under MiCA in the Czech Republic.
Anti-money laundering obligations run in parallel and are not replaced by MiCA. Act No. 253/2008 Coll. (the AML Act) continues to apply to CASPs as obliged entities, with the Financial Analytical Unit (FAU) responsible for AML/CFT enforcement alongside the CNB's prudential and conduct supervision. Applicants must therefore satisfy both the CNB's authorisation requirements under MiCA and the FAU's AML registration and compliance expectations — these are separate processes with separate regulators.
Who Needs a CASP Authorisation — and Who Is Exempt?
Article 59(1) of Regulation (EU) 2023/1114 states the baseline rule: any legal person who provides crypto-asset services in the EU on a professional basis must hold a CASP authorisation. The ten crypto-asset services subject to this requirement are defined in Article 3(1)(16) MiCA:
- Custody and administration of crypto-assets on behalf of clients
- Operation of a trading platform for crypto-assets
- Exchange of crypto-assets for funds
- Exchange of crypto-assets for other crypto-assets
- Execution of orders for crypto-assets on behalf of clients
- Placing of crypto-assets
- Reception and transmission of orders for crypto-assets on behalf of clients
- Providing advice on crypto-assets
- Providing portfolio management on crypto-assets
- Providing transfer services for crypto-assets on behalf of clients
Not all entities must go through full authorisation. Article 60 MiCA establishes a simplified notification route for firms already authorised under other EU financial-services frameworks: credit institutions (CRD), investment firms (MiFID II), central securities depositories, market operators, e-money institutions (EMD2), UCITS management companies, and alternative investment fund managers. These entities may notify the CNB of their intention to provide crypto-asset services rather than seek fresh authorisation — subject to the specific conditions and service-scope limits set out in Article 60. Every other legal entity must apply for full CASP authorisation under Article 63 MiCA and meet all substantive requirements from scratch. The narrow reverse-solicitation exclusion under Article 61(2) MiCA is the only other relief available to non-EU firms, but it is strictly limited in scope — see our detailed analysis at MiCA reverse solicitation: what non-EU firms need to know.
| Entity / service category | Authorisation route |
|---|---|
| New or non-regulated legal entities providing any of the 10 services | Full CASP authorisation — Article 63 MiCA |
| Credit institutions (CRD-authorised) | Simplified notification — Article 60 MiCA |
| Investment firms (MiFID II-authorised) | Simplified notification — Article 60 MiCA |
| Central securities depositories | Simplified notification — Article 60 MiCA |
| Market operators | Simplified notification — Article 60 MiCA |
| E-money institutions (EMD2-authorised) | Simplified notification — Article 60 MiCA |
| UCITS management companies | Simplified notification — Article 60 MiCA |
| Alternative investment fund managers | Simplified notification — Article 60 MiCA |
| Non-EU firms relying on reverse solicitation | Narrow exclusion — Article 61(2) MiCA (strictly limited) |
Capital Requirements: Which Class Applies to Your Business?
Under Article 67(1) of Regulation (EU) 2023/1114 (MiCA), a CASP must hold own funds equal to the higher of two thresholds at all times: the fixed minimum set by Annex IV for the applicable service class, or 25% of fixed overheads (the Fixed Overheads Requirement). Own funds must qualify as Common Equity Tier 1 capital within the meaning of Articles 26–30 of Regulation (EU) 575/2013 (CRR), after the deductions required by Article 36 of that Regulation. Capital must be fully paid in monetary form and deposited with an EEA credit institution — pledged assets or contingent instruments do not count.
The three Annex IV classes are cumulative: the highest class triggered by any single service offered sets the minimum threshold for the entire entity. For year-one firms without a full prior-year cost base, Article 67(2) MiCA requires the use of projected fixed overheads — not a historical figure. If your projected operational costs are high (for example, due to significant third-party vendor spend or headcount), the Fixed Overheads Requirement may exceed the Annex IV fixed minimum, and that higher figure then applies. The CNB retains supervisory discretion to require a buffer above the fixed minimum where it assesses projected costs as understated.
| Class | Services triggering this class | Minimum own funds | Annex IV reference |
|---|---|---|---|
| Class 1 | Reception & transmission of orders; execution of orders; placing of crypto-assets; investment advice; portfolio management; transfer services for crypto-assets | €50,000 | Annex IV, Class 1 |
| Class 2 | All Class 1 services plus custody & administration of crypto-assets on behalf of clients; exchange of crypto-assets for funds; exchange of crypto-assets for other crypto-assets | €125,000 | Annex IV, Class 2 |
| Class 3 | Operation of a crypto-asset trading platform (regardless of other services offered) | €150,000 | Annex IV, Class 3 |
A firm that offers only execution of orders and transfer services sits in Class 1 at €50,000. The moment it adds custody, it moves to Class 2 at €125,000. Add a trading platform and it reaches Class 3 at €150,000 — the ceiling under Annex IV. Plan your service scope before incorporation: expanding into a higher class post-authorisation requires a material change notification to the CNB and may trigger a full re-assessment of capital adequacy.
What Does a CNB CASP Application Actually Contain?
The content of a CASP application to the CNB is governed by Article 62 of Regulation (EU) 2023/1114 (MiCA), with the precise information requirements and templates set out in Commission Delegated Regulation (EU) 2025/305 (content RTS) and Commission Implementing Regulation (EU) 2025/306 (forms and templates). These are directly applicable across all EU member states, including Czechia — the CNB cannot require more or accept less. The CNB's published supervisory expectations indicate it follows ESMA's Supervisory Briefing on CASP Authorisation closely, and applicants are strongly encouraged to request a pre-application meeting (bilateral engagement) before formal submission to surface any structural issues early.
The dossier is substantial. A Programme of Activities must detail every service to be provided, three-year financial projections, stress-test assumptions, and a service-by-service mapping of how MiCA operating conditions will be met. Legal entity documents must confirm a Czech s.r.o. or a.s., include a current Commercial Register excerpt, and provide a full ownership chart disclosing all ultimate beneficial owners. The governance and fit-and-proper assessment — governed by Article 68(1) MiCA — must demonstrate that each member of the management body holds sufficiently good repute and individually and collectively adequate knowledge, skills and experience; the applicable standard is developed in the EBA/ESMA Joint Guidelines on suitability of members of the management body and key function holders under MiCA. For staff knowledge and competence obligations more broadly, see our guide at MiCA Article 81: Staff Knowledge and Competence for CASPs. AML/CFT policies must align to the Czech AML Act No. 253/2008 Coll. and the EU Travel Rule under Regulation (EU) 2023/1113. The ICT/security framework must satisfy Regulation (EU) 2022/2554 (DORA), covering incident reporting, business continuity and disaster recovery plans, and a third-party vendor risk register. Where custody is in scope, client-asset segregation procedures must be documented in full. Complaints-handling procedures must conform to Commission Delegated Regulation (EU) 2025/294.
Application dossier checklist:
- Programme of Activities — 3-year financials, stress tests, service mapping
- Legal entity documents — Commercial Register excerpt, UBO ownership chart
- Governance package — management body CVs, fit-and-proper declarations per
Article 68(1) MiCAand EBA/ESMA Joint Guidelines - AML/CFT policies — aligned to
Act No. 253/2008 Coll.andRegulation (EU) 2023/1113(Travel Rule) - ICT/DORA framework — incident response, BCP/DRP, third-party vendor risk register under
Regulation (EU) 2022/2554 - Custody and client-asset segregation procedures (if applicable)
- Complaints-handling policy per
Commission Delegated Regulation (EU) 2025/294 - Capital evidence — proof of paid-in own funds deposited with an EEA credit institution
Substance Requirements: What 'Local Presence' Really Means in Czechia
Article 59(2) of Regulation (EU) 2023/1114 sets the baseline: a CASP must have its registered office in the Member State where at least part of its crypto-asset services are carried out, its place of effective management must be within the EU, and it must have at least one EU-resident director. For Czechia, this means the CNB must be your home-Member-State regulator — not a back-office address of convenience while real decisions happen offshore.
In practice, the CNB applies a substance standard that goes substantially further than the MiCA text alone. Informed by the ESMA Supervisory Briefing on Authorisation of CASPs (31 January 2025), the CNB expects: a genuine physical office in Czechia (a registered-address service does not qualify); a locally based AML/MLRO officer who meets documented professional-experience requirements; and at least one Czech-resident director with sufficient time commitment to satisfy Article 68(1) of Regulation (EU) 2023/1114. The management body as a whole must demonstrate collective expertise spanning crypto-asset operations, fintech, and EU financial regulation — assessed under the Joint ESMA/EBA Guidelines on suitability of management body members and qualifying shareholders under MiCA.
The CNB conducts on-site inspections and will evaluate whether strategic decisions — risk appetite, product approvals, key hiring — genuinely originate in Prague, not at a parent company in a third country. Nominee-director arrangements and directors who 'fly in for board meetings' will not satisfy the substance test. Founders should budget for real recurring operational costs: commercial office rent in Prague, local senior-staff salaries, and professional-indemnity insurance. The jurisdiction does offer a genuine competitive upside — Czech corporate income tax stands at 21% CIT in 2026, and operational costs remain lower than in Western European hubs — but those advantages are only accessible once substance is genuine, not simulated.
How Long Does the CNB Authorisation Process Take?
The statutory authorisation procedure is governed by Article 63 of Regulation (EU) 2023/1114 — not Article 62, which covers only the content of the application. The clock runs in two distinct phases. First, the CNB has 25 working days from receipt to check completeness under Article 63(2); if the file is incomplete, the CNB sets a deadline for missing material and the clock pauses until that information is received. Second, once completeness is confirmed, the CNB has 40 working days to issue a substantive decision under Article 63(9). No later than the 20th working day of this phase, the CNB may request further information, suspending the clock for up to 20 additional working days under Article 63(10)–(11). The decision must be notified to the applicant within 5 working days of being taken (Article 63(9)), and ESMA must be informed within 2 working days of any authorisation being granted (Article 63(13)).
Under ideal conditions — a complete file, no information requests, no backlog — the statutory minimum is approximately 65 working days (roughly 13 calendar weeks). Realistic end-to-end timelines run between 6 and 18 months from initial scoping. Company formation in Czechia takes roughly 10 business days; document preparation — policies, AML framework, business plan, own-funds proof, management CVs — typically takes 2–4 months for a well-resourced team. The CNB entered 2025 managing a pipeline of approximately 248 applications, and while it has deployed AI tooling to accelerate document review, substantive processing backlogs remain real. Applicants who submit after the 31 July 2025 Czech grandfathering cut-off have no transitional protection and must not provide any regulated crypto-asset services until a final, enforceable authorisation is granted.
| Phase | Statutory clock | Realistic duration |
|---|---|---|
| Company formation & pre-application scoping | No statutory limit | 1–6 weeks |
| Document preparation (policies, AML, business plan, capital proof) | No statutory limit | 2–4 months |
Completeness check (Art. 63(2)) | 25 working days from receipt; clock pauses if incomplete | 5–10 weeks |
Substantive review (Art. 63(9)) | 40 working days from completeness confirmation | 8–20 weeks (information-request rounds may extend) |
Decision notification to applicant (Art. 63(9)) | 5 working days from decision | 1 week |
ESMA registration & EU passport activation (Art. 63(13)) | 2 working days from authorisation | 1–2 weeks |
The statutory floor of 65 working days is a best-case figure that almost no complex application achieves in practice. Budget conservatively: 9–12 months is the realistic planning horizon for a new entrant with no prior CNB relationship and a full-service CASP scope. See also our guide on CASP licence requirements and how the EU passporting mechanism operates once authorisation is granted.
Grandfathering and the 1 July 2026 Hard Stop
The Czech Republic opted for the full 18-month transitional window available under Article 143(3) of Regulation (EU) 2023/1114. Entities that were operating under the pre-MiCA Czech trade-licence framework — specifically, business activity code 81 listed in Annex 4 of the Trade Licensing Act — and that held that authorisation before 30 December 2024 were eligible for transitional protection. To benefit, they were required to submit a full CASP application to the CNB by 31 July 2025. The CNB confirms this cut-off date on its official supervision page. Firms that met both conditions may continue providing crypto-asset services while the CNB reviews their application — but only until the CNB issues its decision, and no later than 1 July 2026 in any case.
ESMA publicly confirmed that there will be no extension to the 1 July 2026 hard stop. Once that date passes, transitional protection expires regardless of whether a decision has been issued. The table below sets out the three scenarios every Czech operator must map against its own situation:
| Scenario | Status on 1 July 2026 | Practical consequence |
|---|---|---|
| (a) Applied by 31 Jul 2025; decision still pending on 1 Jul 2026 | Transitional protection expires | Must cease all regulated crypto-asset services until the CNB grants authorisation; a pending application is not an authorisation. |
| (b) Applied by 31 Jul 2025; authorisation granted before 1 Jul 2026 | Fully authorised CASP under MiCA | May continue operating and passport the licence across the EEA under Article 63. |
| (c) New entrant; no application submitted by 31 Jul 2025 | No transitional protection at any point | Cannot provide regulated crypto-asset services until the CNB grants a full CASP authorisation; must not onboard EU clients in the interim. |
For firms in scenario (a), the operational risk is severe: the gap between the 1 July 2026 hard stop and an eventual CNB decision could run to weeks or months, forcing a service suspension that damages client relationships and revenue. If your application is still in review and the deadline is approaching, the priority is to resolve any outstanding CNB queries immediately and confirm in writing with the regulator the expected decision date. For a full breakdown of how Article 143 transitional rights work across the EU — including which member states chose shorter windows — see our MiCA Article 143 grandfathering guide and the updated analysis of the 2026 hard-stop implications.
EU Passporting: How a Czech Authorisation Unlocks 27 Member States
Once the CNB grants a CASP authorisation, the firm gains access to the entire EU single market through a single passporting notification — no separate licence application in any other member state. The mechanics are set out in Article 65 of Regulation (EU) 2023/1114: the authorised CASP notifies the CNB of each host member state where it intends to provide services, specifying which services and whether it will operate through a branch or on a cross-border basis. The CNB then communicates that information to ESMA and to the relevant host NCA within 10 working days. The CASP may begin providing services in the host member state after a further 15 calendar days from that communication — meaning the total lead time from notification to lawful cross-border activity is approximately five calendar weeks at minimum.
Passporting is scoped strictly to the services listed in the authorisation. A Czech CASP authorised at Class 1 — covering reception and transmission of orders, execution, placing, advice, portfolio management, and transfer services — cannot passport Class 2 services such as custody or exchange for fiat without first obtaining a varied or new authorisation from the CNB that covers those additional services. Expanding the service scope is not an administrative formality; it restarts the substantive review under Article 63. This makes upfront capital and service-class planning critical: if commercial expansion is likely, applying for the broadest justifiable authorisation from the outset avoids a costly re-authorisation cycle. For a fuller breakdown of how MiCA passporting works across all 27 member states, see our complete guide to MiCA CASP EU passporting.
The authoritative public record of authorised CASPs is ESMA's Interim MiCA Register, updated weekly. Any counterparty, institutional client, or exchange can verify Czech CASP status there before onboarding — which matters for B2B relationships where compliance due diligence is expected. One boundary the passport does not cross: it confers no rights to serve users in non-EEA jurisdictions. Providing services to US persons, UK residents, or other third-country users requires either geo-blocking or compliance with local licensing regimes in those markets. A Czech authorisation is a powerful EU-market tool, not a global one.
Cost Breakdown and Jurisdictional Trade-Offs: Is Czechia the Right Choice?
The cost of a Czech CASP authorisation falls into two distinct buckets. The first is statutory capital under Article 67 of Regulation (EU) 2023/1114: depending on the services you intend to offer, you must hold fully paid-up own funds of €50,000, €125,000, or €150,000 in an EEA bank account. This capital is not a fee — it is tied up as a permanent prudential buffer and cannot be drawn down to cover operating expenses. The second bucket is operational and professional expenditure: Czech company formation (typically 10 business days, with modest notary and state-fee costs), legal and compliance advisory to draft the full dossier, ongoing CNB supervisory levies (calculated as a percentage of supervised assets — an annual recurring cost you should confirm directly with the CNB or your Czech counsel), local office rent, salaries for a resident director and a dedicated MLRO/compliance officer, and ICT infrastructure meeting DORA requirements. Czech-market advisory firms quote professional fees for preparing the complete authorisation file — policy documentation, business plan, AML framework, CNB liaison — in the range of tens of thousands of euros. Treat any single published figure as a starting point only; obtain itemised quotes from at least two providers before budgeting.
Czechia has genuine structural advantages worth weighing. Operating under a CNB licence carries strong credibility with EU banking partners, which directly affects your ability to open and maintain the corporate accounts that MiCA requires. Operational costs — office space, local talent — remain competitive against Western European hubs. The corporate income tax rate is 21%, and an authorisation granted by the CNB gives you full EU passporting rights to offer services across all 27 member states without re-authorising locally. The pipeline data is also encouraging: Czechia had processed 248 CASP applications with 6 granted authorisations as of early 2026, demonstrating that the CNB is actively running the MiCA process rather than stalling it.
The honest counterargument is volume: that same pipeline means realistic timelines run 9–18 months from submission, and new entrants have no transitional cushion — the Article 143 grandfathering window closed on 1 July 2026. The CNB is a conservative, detail-oriented regulator; files with gaps in substance or policy documentation are returned rather than processed, restarting your clock. If speed to market is your primary constraint, or if your target client base is concentrated in Southern Europe, you may find Malta's MFSA or Spain's CNMV a better fit — see the full comparison in our Malta MFSA CASP guide and Spain CNMV CASP guide. Czechia rewards founders who file a complete, substantiated application on the first attempt and can sustain 12+ months of burn before going live.
Frequently asked questions
What is the minimum capital required for a CASP license in the Czech Republic?
Under Article 67 of Regulation (EU) 2023/1114 (MiCA) and its Annex IV, the minimum own funds requirement depends on the services you intend to provide. Class 1 services (reception and transmission of orders, execution of orders, placing of crypto-assets, advice, portfolio management, and transfer services) require €50,000. Class 2 services (Class 1 plus custody and administration, or exchange of crypto-assets for funds or other crypto-assets) require €125,000. Class 3 (operation of a trading platform) requires €150,000. The classes are cumulative — if you offer multiple services spanning classes, the highest applicable threshold applies. Additionally, own funds must never fall below 25% of fixed overheads (the Fixed Overheads Requirement under Article 67(1)), whichever is higher. Capital must be fully paid in monetary form and deposited with an EEA bank.
How long does CNB CASP authorisation take under Article 63 of MiCA?
Article 63 of Regulation (EU) 2023/1114 sets a two-phase statutory timeline: (1) the CNB has 25 working days from receipt of the application to assess completeness; and (2) once the application is confirmed complete, the CNB has 40 working days to adopt a reasoned decision granting or refusing authorisation. The decision is notified to the applicant within a further 5 working days. In ideal conditions, this totals approximately 65 working days (around 13 calendar weeks). In practice, given the CNB's pipeline of 248 applications and the likelihood of information-request rounds, founders should plan for 9–18 months from initial scoping to a final enforceable authorisation.
Can I still apply for a CASP licence in Czechia after the July 2025 grandfathering deadline?
Yes — the CNB accepts new CASP applications at any time. The 31 July 2025 deadline applied only to pre-existing Czech VASPs who wished to benefit from the MiCA Article 143(3) transitional protection (allowing continued operation until the CNB issued its decision, or at the latest 1 July 2026). New entrants applying after July 2025 have no transitional period: they must not provide regulated crypto-asset services in the EU until the CNB grants a final and enforceable authorisation. Since August 2025, only legal entities (not natural persons) may apply.
What substance requirements does the CNB expect from a CASP applicant?
Article 59(2) of MiCA requires every authorised CASP to have its registered office in the Member State where it provides at least part of its services, its place of effective management within the EU, and at least one EU-resident director. The CNB applies these requirements substantively: a genuine physical office (not just a registered address), an AML/MLRO officer resident in Czechia with documented professional experience, and a management body that meets the suitability standard under Article 68(1) — meaning sufficiently good repute and adequate knowledge, skills and experience. Nominee-director arrangements or infrequent physical presence will not satisfy the CNB's scrutiny.
Does a Czech CASP authorisation cover all 27 EU member states?
Yes. Under Article 65 of Regulation (EU) 2023/1114, a CASP authorised by the CNB may passport its services across all EU member states by notifying the CNB of each host jurisdiction. The CNB then communicates to ESMA and the host NCA; after a further 15 calendar days, the CASP may begin providing services in that member state without any additional local licence. The passport covers the specific services listed in the authorisation — providing a new or expanded service class requires a varied authorisation. Note that a Czech CASP authorisation does not grant rights to serve non-EEA clients (e.g. US or UK users), for whom separate regulatory obligations apply.
Which entities can use the Article 60 simplified notification route instead of full CASP authorisation?
Article 60 of Regulation (EU) 2023/1114 allows credit institutions, central securities depositories, investment firms authorised under MiFID II, market operators, e-money institutions, UCITS management companies, and alternative investment fund managers to provide certain crypto-asset services by notifying the CNB — rather than undergoing full Article 63 authorisation. This route is available only for entities already holding one of those EU-level authorisations. All other legal persons who wish to provide crypto-asset services in the Czech Republic must obtain CASP authorisation under Article 63.