Estonia Crypto License: 2025 Practical Guide

Estonia is among the first EU states to fully align with the Markets in Crypto-Assets (MiCA) Regulation. A license from the Estonian Financial Supervision and Resolution Authority (FSA) is now MiCA-compliant, granting passporting rights to operate across the EU from a single base.

This guide outlines the framework, requirements, application process, and strategic advantages of securing a crypto license in Estonia’s MiCA-ready regime.

TL;DR:

• Estonia now regulates crypto under a dual framework. MiCA sets common rules across the EU, while the Crypto Asset Market Act (CMA) elaborates and supplements MiCA at the national level.
• The FSA is the sole licensing & supervisory body for CASPs. VASP licenses previously issued by the Financial Intelligence Unit (FIU) remain valid only until July 1, 2026, with no automatic conversion. Existing firms must reapply to the FSA to continue their activities.
• MiCA Article 3(1)(16) defines regulated services broadly, including custody, trading platforms, exchanges, order execution, and crypto advisory services. The rules apply to exchanges, brokerages, custodial wallet providers, and OTC desks.
• In practice, businesses seek a MiCA CASP authorization from the Estonian FSA, which grants EU-wide passporting rights.

Legal & Regulatory Background

Estonia’s crypto rules operate within MiCA’s harmonized framework, which sets uniform standards for consumer protection, market integrity, and financial stability. Rules governing stablecoins took effect on June 30, 2024, while full CASP authorization requirements became applicable on December 30, 2024.

The European Securities and Markets Authority (ESMA) and the European Banking Authority (EBA) coordinate supervision at the EU level. Both bodies are mandated to create two types of documents (often called Level 2 and 3 measures) that provide the practical details for applying MiCA.

• Binding rules: Regulatory Technical Standards (RTS) and Implementing Technical Standards (ITS).
• Non-binding guidance: Guidelines, recommendations, and Q&As to help with implementation.

Estonia’s regulators introduced the CMA as a definitive guide to national crypto licensing procedures. It entered into force on July 1, 2024, assigning the FSA as the sole authority for granting, refusing, revoking, and supervising CASP authorizations.

The CMA grants the maximum transition period allowed under MiCA. Existing FIU-licensed VASPs may operate until July 1, 2026, but must file a new application with the FSA to continue beyond that date. This grace period is not equivalent to the automatic conversion of old licenses, but normal operations are allowed to continue during review.

Estonia Crypto License Requirements

The transition to FSA supervision and MiCA compliance raises requirements well beyond AML/CFT checks.

Estonia's crypto licensing regulations provide a full framework for institutional-grade financial services firms.

• Legal entity & Physical presence
  • The applicant must be an Estonian private limited company (OÜ).
  • A registered office in Estonia is mandatory.
  • Core business activities must be demonstrably connected to Estonia.
• Minimum initial funding
  • €100,000 for Class 2 MiCA services (exchanges, custody).
  • €150,000 for Class 3 MiCA services (trading platforms).
  • €250,000 for virtual currency transfer services.
  • Initial share capital must be fully paid in fiat, held in an EEA account, with proof of source of funds.
  • Own funds, separate from initial share capital, must be maintained to cover fixed overheads or a percentage of transaction volumes.
• Governance
  • Minimum of two management board members. Complex firms may need a separate three-member supervisory board.
  • Board members, ultimate beneficial owners (UBOs), and AML officers must pass the “fit and proper” test, which includes requirements for a clean criminal record (certificates from all jurisdictions), higher education, a demonstrated good reputation, and two+ years’ relevant experience in fields such as finance, financial law, or IT.
  • All key roles must be separated. For example, a board member cannot serve as an AML officer.
• Customer due diligence
  • Applicants must submit AML/CFT policies, procedures, and internal controls.  
  • Compliance frameworks must be risk-based, with clear client and geographic risk assessments.
  • Strong Know Your Customer (KYC) or Know Your Business processes.
  • Enhanced due diligence for high-risk clients, such as politically exposed persons (PEPs).
  • Real-time transaction monitoring and prompt suspicious activity reporting to the FIU (typically within two days)
  • Strict FATF Travel Rule compliance on all transfers, with no minimum threshold.
•  Operational resilience & Data protection
  • CMA explicitly subjects CASPs to DORA and requires major ICT incident reporting to FSA/Information System Authority per DORA Art. 19–20.
  • Applicants must submit detailed reports of their IT architecture, cybersecurity policies, data protection standards, and business continuity plans.
  • Full compliance with the GDPR is required, including secure handling of KYC data.
• Reporting & Audits
  • Annual financial statements must be audited externally. Applicants must provide details on the appointed audit firm..
  • CASPs must appoint an internal auditor or outsource internal audits of their internal controls, risk management framework, and governance processes.
  • CASPs must submit regular reports to the FSA on financials, capital adequacy, and transaction data.
• Banking & Accounting
  • CASPs must hold a corporate account with a European Economic Area (EEA) credit, e-money, or payment institution operating in Estonia.
  • Crypto-assets are treated as property under Estonian accounting standards, or if held for sale in the ordinary course of business, as inventory under the International Financial Reporting Standards (IFRS).
  • Strict segregation of client assets from company assets is required.

Application Process

Step 1: Corporate setup (1-2 weeks)

• Register an Estonian OÜ with the Commercial Register. This can be done remotely in one day with e-Residency.
• Draft the memorandum and articles of association to reflect business activities and confirm the registered office in Estonia.

Step 2: Team formation (concurrently with corporate setup)

• Appoint a management board.
• Hire a qualified AML officer based in Estonia.
• Finalize contracts with internal and/or external auditors.

Step 3: Financial requirements (up to 1 week)

• Open a corporate account with an EEA financial institution.
• Deposit the required share capital (€100k–€250k, depending on services offered).
• Obtain a bank certificate confirming the deposit.

Step 4: Essential documentation (2–4 weeks)

Compile an application dossier to be submitted for the FSA’s approval, including:

• A two-year business plan with financials and service descriptions.
• Proof of origin of funds.
• Governance formation documents, organization charts, and required papers proving “fit and proper” personnel (CVs, passports, criminal record certificates, and proof of education and experience).
• AML/CFT and KYC policies, risk assessment measures, and Travel Rule procedures.
• Documentation of IT systems, cybersecurity measures, and operational resilience plans.
• Opening balance sheet and capital deposit certificate.

Step 5: Submission and FSA review (up to 60 business days)

• File the dossier electronically or via a notary.
• Pay a €10,000 non-refundable state application fee.
• The FSA typically assesses whether an application is complete within 25 working days. Complete applications are reviewed within 40 working days, but the review period may be extended by an additional 20 business days.
• Additional information or interviews with board members may be requested.

Step 6: Obtain authorisation

• If approved, the FSA grants a CASP license for an indefinite period, allowing regulated activities to begin.

The final budget for each application differs depending on company size and operating model. Applicants must account for variable costs, including legal fees, hiring staff, compliance systems, IT security, and ongoing reporting.

Benefits of Estonian Crypto License

Obtaining a CASP license in Estonia offers strategic advantages for crypto businesses.

EU Passporting

An Estonian CASP authorization is a full MiCA license with EU-wide passporting rights. License holders can operate across all 27 member states from Estonia without additional approvals, gaining direct access to the entire market.

Regional Credibility

Licensing by the FSA signals adherence to EU standards on governance, transparency, consumer protection, and security. This credibility helps build trust with customers, banks, and other financial institutions.

Tax Benefits

Estonia levies zero corporate tax on retained or reinvested profits. A 20% tax applies only when profits are distributed. Crypto exchange services are exempt from VAT under EU law, adding further capital efficiency..

Streamlined Operations

The e-Residency program and Estonia’s digital infrastructure allow remote company management, digital signatures, online filings, and streamlined interaction with government services, reducing operational burdens for global teams.

Conclusion

Estonia’s crypto licensing regime is fully aligned with the EU’s MiCA framework. Licenses issued by the Estonian FSA are MiCA-compliant, granting EU-wide passporting rights. Existing VASP licenses under the previous regime expire on July 1, 2026, and new applications are required to continue existing operations.

Applicants must establish an Estonian OÜ with a registered office in the country, maintain €100k–€250k in paid-up share capital depending on services, and meet ongoing own funds requirements. Boards must include at least two members, with all key individuals passing “fit and proper” tests covering criminal records, education, and relevant experience.

Detailed AML/KYC frameworks, real-time monitoring, full FATF Travel Rule compliance, and resilient IT and cybersecurity systems under the EU’s DORA framework are mandatory, alongside regular audits and reporting.

Benefits of Estonian crypto licensing include access to the entire EU market, enhanced credibility, zero corporate tax on retained profits, and efficient digital infrastructure. This makes Estonia a strategically valuable base for crypto businesses ready to meet institutional-grade standards.