MiCA CASP License in Ireland

Ireland’s Crypto Licensing Landscape

Ireland is an established EU member state that authorises crypto-asset service providers under MiCA, with the Central Bank of Ireland as the designated national competent authority. A Central Bank authorisation carries full EEA passporting and the credibility of a top-tier regulator, an English-language common-law system, and a 12.5% trading corporation-tax rate. The trade-off is candid: Ireland is one of the slowest and most demanding EU routes, with a non-negotiable substance test and a binding banking constraint, suited to well-capitalised, institutionally-credible applicants rather than cost- or speed-led operators.

Ireland’s headline advantage is standing. The Central Bank authorised ten CASPs during 2025, describing them as a mix of retail-focused and institutional-focused business models, and received 305 crypto-asset white-paper notifications under MiCA.^[20] The first major global exchange to be licensed was Kraken, through its Payward Europe Solutions Limited entity, announced on 25 June 2025.^[19] The enforcement posture is real: the Central Bank fined Coinbase Europe Limited €21,464,734 on 6 November 2025 for AML transaction-monitoring failures, a matter of public regulatory record.^[19]

Full MiCA Passporting

An Irish CASP authorisation grants the right to provide crypto-asset services across all 30 EEA member states through a single notification to the Central Bank under MiCA Article 65.^[1] No additional authorisation is required from host-country regulators. Both cross-border service provision and branch establishment are covered, though passporting is service-specific: only the authorised services can be provided cross-border. The passport is reciprocal, so a CASP authorised in any other EU member state can serve Irish clients on the same basis.

A Top-Tier, English-Language Regulator

The Central Bank of Ireland is a respected European supervisor, and a Central Bank authorisation is a strong due-diligence credential with institutional counterparties, banks and prime brokers. Ireland combines this with an English-language application process and a common-law legal system, which lowers the friction for international applicants relative to civil-law jurisdictions operating in another language. For institutionally-credible exchange, custody and broker applicants, that combination is the core of Ireland’s appeal.

Substance Is Non-Negotiable

The Central Bank expects a CASP to demonstrate genuine substance and autonomy in Ireland, led by a local crypto-competent executive and board with full oversight and independent decision-making.^[3] It has stated that where it has concerns a firm will not operate this way, the firm will not be authorised. A letter-box structure with management outsourced to another jurisdiction fails. This is the defining cultural feature of the Irish regime and the most common reason applicants who are used to lighter-touch jurisdictions misjudge the effort involved.

Deliberate, Multi-Month Authorisation

Ireland is not a fast route. The Central Bank declines to give fixed timelines and emphasises that the best-prepared firms proceed more efficiently; in practice a full authorisation, including pre-application engagement, a Key Facts Document and remediation, runs to 12 to 18 months.^[3] Applicants should plan for thorough scrutiny of the business model, source of funds, governance and ICT resilience, and budget for genuine local hires from the outset rather than treating substance as a late add-on.

Regulatory Framework

Ireland regulates crypto-asset service providers under the EU’s Markets in Crypto-Assets Regulation (MiCA), Regulation (EU) 2023/1114,^[1] which applies directly as an EU Regulation without national transposition. The national instrument that gives it domestic effect and designates the competent authority is SI No. 607/2024, the European Union (Markets in Crypto-Assets) Regulations 2024, which commenced on 8 November 2024.^[2] It names the Central Bank of Ireland as national competent authority, sets the administrative penalties, and fixed the transitional period. See the consolidated category page for the MiCA framework: requirements and timeline →

Single-Supervisor Structure

Ireland concentrates supervision in one body. The Central Bank of Ireland handles CASP authorisation, prudential supervision, governance, conduct-of-business oversight, and AML/CFT supervision under the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010, with CASPs treated as designated persons.^[2] ESMA maintains the EU-wide register and drives supervisory convergence, while the European Banking Authority directly supervises issuers of significant asset-referenced and e-money tokens under MiCA Titles III and IV. For most service-provider applicants the Central Bank is the single point of contact.

Regulatory History

Ireland’s pre-MiCA framework was AML-based, not a bespoke licensing regime. The Criminal Justice (Money Laundering and Terrorist Financing) (Amendment) Act 2021 introduced VASP registration with the Central Bank, effective 23 April 2021, transposing the Fifth Anti-Money Laundering Directive. Registration covered AML/CFT and financial-sanctions obligations only, carried no passporting, and assessed firms on their AML framework and the fitness and probity of management and beneficial owners. By June 2024, 14 VASPs were registered.^[4]

SI 607/2024 provided the domestic anchor for MiCA, designating the Central Bank as national competent authority from 8 November 2024.^[2] MiCA’s ART and EMT rules applied from 30 June 2024, and the full CASP regime, together with the Travel Rule, applied from 30 December 2024.^[1]

Ireland used the Article 143(3) discretion to reduce the grandfathering window to 12 months, ending 29 December 2025, and the Department of Finance confirmed that choice in January 2024.^[17] The legacy VASP regime is now closed to new entrants, and registered VASPs that did not secure CASP authorisation had to cease the relevant activities after the deadline.

Authorisation Guidance

The Central Bank has published a dedicated MiCAR section and a detailed MiCAR FAQ setting out its supervisory expectations, the pre-application engagement it expects, and the substance test it applies.^[3] Firms with no current Central Bank relationship enter through the Innovation Hub, and the Central Bank also runs an Innovation Sandbox Programme, though the standard authorisation procedure under MiCA and the ESMA regulatory technical standards is the route to a CASP licence.^[5] Pre-application engagement and a Key Facts Document are expected before a formal filing.

Recent Regulatory Developments

Authorised CASP entity names below are sourced from the ESMA register, Central Bank records, and company announcements.^[7]

• 10 February 2026: The new PCF-57 Head of Safeguarding for CASPs pre-approval controlled function took effect, with appointments via Individual Questionnaire.^[20]
• 29 December 2025: The 12-month VASP transitional period ended; by then the Central Bank had authorised ten CASPs.^[18]
• 6 November 2025: The Central Bank fined Coinbase Europe Limited €21,464,734 for AML transaction-monitoring failures, signalling an active enforcement posture.^[19]
• 25 June 2025: Kraken’s Payward Europe Solutions Limited became the first major global exchange authorised as an Irish CASP.^[19]
• 30 December 2024: The full MiCA CASP regime and the Travel Rule applied; the Central Bank began accepting CASP applications.

Regulatory Overlap

EMI/PSD2 overlap: CASPs that issue or handle e-money tokens (EMTs) trigger EMD2/PSD2 requirements. The European Banking Authority confirmed (June 2025) that custody and transfer of EMTs can constitute payment services, requiring cumulative MiCA and PSD2 capital with no double-counting of own funds.^[21] The Central Bank runs parallel payment-institution or e-money-institution and CASP authorisation assessments and coordinates between them.

MiFID II overlap: Crypto-assets that confer equity-like rights or are negotiable on capital markets are classified as transferable securities under MiFID II, not MiCA. ESMA’s technology-neutral guidelines establish a substance-over-form classification test.^[8]

Article 60 notification: Credit institutions, MiFID investment firms, EMIs, UCITS management companies and AIFMs can provide certain crypto-asset services by a 40-working-day notification to the Central Bank rather than a full CASP authorisation. Core activities under the existing authorisation remain governed by their own regime.

Tokenised securities and RWA

MiCA Article 2(4) excludes crypto-assets that qualify as financial instruments, so a tokenised security (a tokenised share, bond or fund unit) sits outside MiCA. In Ireland such instruments are regulated under MiFID II, the Prospectus Regulation and the EU DLT Pilot Regime, Regulation (EU) 2022/858, rather than under the MiCA CASP regime. ESMA’s Guidelines on the qualification of crypto-assets as financial instruments set the boundary between the two perimeters. The honest point for issuers tokenising real-world assets: an Irish MiCA CASP authorisation does not cover tokenised securities, which follow the MiFID securities regime instead. Where the structure is a tokenised fund unit, see our fund licensing page for the underlying fund-vehicle route.

Regulatory Transition: Legacy VASP Register to MiCA CASP Authorisation (Closed)

Ireland has completed its transition from the legacy AML-based VASP register (maintained by the Central Bank from 23 April 2021) to full MiCA CASP authorisation. MiCA’s transitional regime under Article 143(3) let firms already providing crypto-asset services under national law before 30 December 2024 continue without MiCA authorisation for a grandfathering window set by each member state. Ireland used that discretion to set a 12-month window rather than the 18-month maximum, and it ended on 29 December 2025.^[3]

Key Milestones (Now Historical)

Transition Outcome

By the 29 December 2025 deadline the Central Bank had authorised ten CASPs, described as a mix of retail-focused and institutional-focused business models, and had received 305 crypto-asset white-paper notifications under MiCA.^[18] The ESMA-derived total had grown to roughly twelve Ireland-authorised CASPs by mid-2026. The pace confirms the practical reading: an Irish authorisation is a careful, case-by-case, multi-month undertaking rather than a formality, and applicants who entered the process late or under-prepared did not benefit from the closing window.

Consequences for Unauthorised Operations

Since the transition closed on 29 December 2025, providing crypto-asset services in Ireland without Central Bank authorisation (and without a valid passport from another member state) exposes operators to:

• Administrative penalties under MiCA and SI 607/2024: fines up to €5,000,000 or 12.5% of annual turnover (whichever is higher) for legal persons
• Penalties for natural persons (directors and officers) for serious infringements under MiCA’s sanctions regime
• Enforcement action: the Central Bank has an active posture, illustrated by the €21,464,734 fine imposed on Coinbase Europe Limited in November 2025
• Public warnings: the Central Bank publishes warnings naming entities operating without authorisation

Financial Institutions, Article 60 Notification

Already-authorised financial institutions (credit institutions, MiFID investment firms, EMIs, UCITS management companies and AIFMs) are not required to obtain a separate CASP authorisation for in-scope crypto-asset services. Under MiCA Article 60 these entities notify the Central Bank of their intention to provide crypto-asset services, supplying a programme of operations and evidence of adequate governance, with a 40-working-day notice period and further information requested within the first 20 working days. The Article 60 pathway is quicker than a fresh CASP authorisation but is open only to entities that already hold a qualifying authorisation.

License Types and Activities Covered

MiCA defines 10 crypto-asset services grouped into 3 classes that determine capital requirements. Ireland applies MiCA directly without additional national service categories. The classification determines the minimum own-funds requirement: €50,000 for Class 1, €125,000 for Class 2, and €150,000 for Class 3.

Covered Activities

What Does NOT Require CASP Authorisation

Services provided in a fully decentralised manner without any intermediary fall outside MiCA’s scope (Recital 22). Unique, non-fungible tokens (NFTs) are excluded unless issued in large series, collections, or fractionalised forms. Crypto-assets that qualify as financial instruments under MiFID II are regulated under existing securities law, not MiCA. Central bank digital currencies (CBDCs), deposits, insurance products, pension products, and securitisation positions are excluded.

DAO, DeFi, and Regulatory Perimeter

MiCA does not explicitly cover decentralised autonomous organisations (DAOs) or DeFi protocols. ESMA has stated that decentralisation exists on a spectrum rather than as a binary classification. Partially decentralised services: such as DEXs with upgrade keys, admin-controlled smart contracts, or governance tokens concentrated among a small group, remain within MiCA’s scope if an identifiable intermediary exists. The Central Bank treats these by reference to whether an identifiable person provides a regulated service, in line with the EU-level framework.^[3] Applicants operating hybrid models should raise the question during pre-application engagement before filing.

NFT Classification

NFTs that are unique and non-fungible are excluded from MiCA under Article 2(3). The exclusion ceases to apply when: NFTs are issued as part of a large series or collection (suggesting fungibility), NFTs are fractionalised into interchangeable units, or the NFT functions as a payment or investment instrument regardless of its label. The classification is substance-based: labelling a token as “NFT” does not determine its regulatory treatment.

Requirements

MiCA CASP authorisation in Ireland requires an Irish corporate entity (most commonly a private company limited by shares, an LTD), minimum own-funds of €50,000–€150,000 depending on service class, a registered office in Ireland, fit-and-proper senior individuals, robust AML/CFT systems under Central Bank oversight, and a comprehensive compliance documentation suite. The defining requirement is genuine local substance: a crypto-competent board and executive with independent decision-making in Ireland. All qualifying shareholders (10%+ of capital or voting rights) undergo a fit-and-proper assessment with source-of-funds verification.

Ireland’s defining requirement is substance, not language. The Central Bank states that firms are expected to demonstrate substance and autonomy in Ireland and be led by a local crypto-competent executive and board, and that the local board and executive must have full oversight, independent decision-making, and local management of outsourcing risk.^[3] Where the Central Bank has concerns that a firm will not operate this way, it has stated plainly that the firm will not be authorised. Applicants should plan genuine local hires from the outset and treat substance as a pass-or-fail gate rather than a documentation exercise.

Fitness and Probity

The Central Bank operates a Fitness and Probity regime that applies to individuals holding Pre-Approval Controlled Functions (PCFs), assessed through Individual Questionnaires submitted via the Central Bank portal.^[3] Assessment dimensions include professional qualifications and experience, reputation and integrity (criminal background check, regulatory history), financial soundness, and the collective competence of the management body. From 10 February 2026 a dedicated PCF-57 Head of Safeguarding for CASPs applies, reflecting the Individual Accountability Framework and the Senior Executive Accountability Regime.^[20] Demonstrating the legitimate origin of owners’ capital is central, and weak source-of-funds documentation is a common reason for delay across EU CASP applications.

Local Presence and Substance

Ireland enforces the strictest substance expectation among the EU MiCA jurisdictions covered here. A registered office and central administration in Ireland are expected, and virtual-office-only arrangements do not satisfy the Central Bank. The local board and executive must have full oversight and independent decision-making, manage outsourcing risk locally, and not blur the three lines of defence; at least one EU-resident director is required under MiCA. A letter-box entity with management outsourced to another jurisdiction is not acceptable and, in the Central Bank’s own words, will not be authorised. Substance expectations scale with the service profile: a Class 3 trading-platform operator faces materially higher governance and staffing expectations than a Class 1 advisory firm.

AML/CFT and Travel Rule

Ireland’s AML framework is governed by the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (as amended), with the Central Bank as the AML supervisor and CASPs as designated persons.^[9] The EU’s Transfer of Funds Regulation Recast (Regulation (EU) 2023/1113) applies directly. Critically, there is no de minimis threshold for CASP-to-CASP transfers: full originator and beneficiary information must accompany every crypto transfer regardless of amount. The €1,000 threshold applies only to transfers involving self-hosted wallets: where a transfer exceeds €1,000 to or from an unhosted address, the CASP must verify that the customer owns or controls that address.^[10]

Sanctions screening must cover EU consolidated sanctions lists (mandatory) and UN sanctions lists (implemented via EU legislation). OFAC screening is not legally mandatory in Ireland but is strongly recommended given extraterritorial reach and correspondent-banking expectations. Suspicious transactions are reported to the Financial Intelligence Unit, and CASPs maintain customer due diligence, ongoing monitoring, beneficial-ownership records and the crypto-specific typologies (mixers, privacy coins, peel chains) the Central Bank expects in an application.

Application Process

Once a complete application is filed, MiCA Article 63 gives the Central Bank 25 working days to confirm completeness and 40 working days to assess it substantively, with the clock paused while the regulator awaits requested information.^[1] In practice the Central Bank poses questions during review and expects substantive pre-application engagement before filing.^[3] Including entity setup, pre-application and remediation, the realistic end-to-end timeline is 12–18 months.^[23]

The Central Bank expects firms to engage before filing: through the Innovation Hub for those with no current Central Bank relationship, and through a Key Facts Document (KFD) that frames the proposed business for pre-application discussion.^[3] Early clarity on classification, for example whether a token is a financial instrument under MiFID II rather than a crypto-asset under MiCA, can save significant time during the substantive review.

Application language: English. The process is conducted in English under a common-law framework, which removes the translation burden that applies in some other EU jurisdictions and is part of Ireland’s appeal to international applicants.^[3]

Building genuine local substance and the compliance and DORA documentation is the most time-intensive part of any Irish CASP application, and the pre-application stage is where Ireland diverges most from lighter-touch regimes. Generic templates adapted from other jurisdictions are a common cause of delay and information-request cycles, and an under-built substance plan is a common cause of outright refusal.

Required Documents

The Central Bank’s CASP authorisation documentation requirements follow MiCA Article 62 and the ESMA regulatory technical standards under Articles 60 to 69.^[11] The application covers governance, the programme of operations, prudential safeguards, the AML/CFT and ICT packages, and Individual Questionnaires for each PCF holder.^[3]

Corporate Documents

Certificate of incorporation from the Companies Registration Office. Constitution (articles of association). Shareholder register. Irish tax registration. Evidence of own-funds or qualifying insurance per MiCA Annex IV. Legal Entity Identifier (LEI). Proof of registered office address in Ireland.

Personal Documents (All Directors, PCF Holders, and Qualifying Shareholders)

Valid government-issued photo identification (passport or national ID). Curriculum vitae with detailed professional history. Criminal record certificates from each country of residence in the past 10 years. Declaration of good repute and absence of pending proceedings. Evidence of professional qualifications, skills, and experience relevant to the role. Individual Questionnaire for each Pre-Approval Controlled Function. For qualifying shareholders (10%+): detailed source-of-funds and source-of-wealth documentation, among the most scrutinised elements in EU CASP applications.

Compliance Documentation

The compliance documentation is the most heavily scrutinised component of any Irish CASP application. Each document must be bespoke, reflecting the applicant’s specific business model, risk profile, and operational structure, and aligned to the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 and Central Bank expectations. Generic MiCA templates adapted from other jurisdictions are a common cause of information requests and delay.

Business Plan and Financial Projections

Programme of operations per MiCA Article 62(2)(d): description of all crypto-asset services to be provided, target markets, client profile, marketing strategy. Three-year financial projections including revenue model, cost base, capital adequacy forecasts, and break-even analysis. Description of the governance structure and internal control mechanisms.

Technology and Operational Documentation

IT architecture documentation. Cybersecurity policy and penetration test reports. Hot/cold wallet management and key management procedures (for custody service providers). Business continuity plan and disaster recovery procedures. Third-party ICT provider register (DORA requirement). Incident response plan for major ICT incidents.

Costs and Pricing

Ireland sits at the higher-cost, higher-credibility end of the EU MiCA spectrum. The Central Bank charges no application fee, but the largest components, professional advisory, the substantial local-substance payroll (Irish salary levels are high), the DORA build and the compliance documentation, push a credible Class 2 or 3 build into the upper EU range. The figures below are indicative practitioner planning ranges, not Central Bank quotes.^[23]

Total Cost Summary

Note: the minimum own-funds capital (€50,000–€150,000) must be held as qualifying Common Equity Tier 1 own funds and is not consumed during operations; mid-sized CASPs often hold €350,000 to €750,000 in practice to satisfy supervisory solvency expectations. The Central Bank charges no application fee; an annual industry funding levy applies once authorised. As of the 2025 Industry Funding Regulations there was no dedicated CASP levy category, only the legacy VASP category, so the first CASP-specific levy figure must be confirmed on publication of the relevant 2026 regulations. The professional and people figures above are practitioner benchmarks, not Central Bank quotes.^[6]

Timeline

Ireland’s statutory clock mirrors MiCA Article 63 (25 working days completeness, 40 working days substantive), but the front-loaded pre-application phase and the stop-the-clock periods for information requests are the main drivers of the real-world timeline. The Central Bank declines to give fixed timelines and says the best-prepared firms proceed more efficiently, so applicants should plan for the upper part of the range; a fully built substance plan, clear classification and strong source-of-funds evidence move fastest.^[3]

Taxation

Ireland’s tax base is a genuine part of the value proposition. A CASP carrying on a genuine trade of dealing in crypto pays the 12.5% trading corporation-tax rate, though establishing trading status is a high bar; non-trading or passive income is taxed at 25% and chargeable gains at an effective 33%.^[12] Crypto-asset exchange services are VAT-exempt across the EU under the CJEU Hedqvist ruling. The 15% Pillar Two minimum applies only to groups above €750 million in turnover, leaving over 99% of companies on the 12.5% rate.

Establishing Trading Status

The 12.5% rate is not automatic. It applies only where the company carries on a genuine trade of dealing in crypto, assessed on the badges of trade: frequency and organisation of activity, commerciality, and the presence of real trading infrastructure and staff. Where the activity is investment rather than trading, profits are taxed as passive income at 25% and disposals attract chargeable-gains tax at an effective 33%. The exchange of crypto for fiat and back, where acting as principal, is treated as a VAT-exempt financial service following the CJEU Hedqvist ruling, while VAT applies as normal to goods or services paid for in crypto.^[12]

CARF / DAC8 Reporting

Ireland has adopted the OECD Crypto-Asset Reporting Framework via the DAC8 Directive (Council Directive (EU) 2023/2226), implemented through section 891HA of the Taxes Consolidation Act 1997 (Finance Act 2025) and SI 584/2025.^[14] Reporting crypto-asset service providers collect data from 1 January 2026, file their first returns by 31 May 2027, and Revenue exchanges information by 30 September, placing Ireland in the 2027 first-exchange group. DAC8 transposes the OECD framework into EU law, harmonising crypto tax transparency across member states.^[15]

Pillar Two (Global Minimum Tax)

Ireland has implemented the OECD Pillar Two global minimum tax for accounting periods beginning on or after 31 December 2023, operating an income-inclusion rule, a Qualified Domestic Top-up Tax, and an under-taxed-profits rule from 31 December 2024. The 15% minimum effective rate applies to groups with consolidated turnover of at least €750 million in two of the prior four years. Over 99% of companies remain outside scope and continue to pay the 12.5% rate, so Pillar Two is relevant only where a CASP forms part of a large multinational group.^[13]

Ongoing Compliance & Post-Authorisation

MiCA CASP authorisation creates a permanent compliance obligation. The authorisation is indefinite (no renewal), but the Central Bank conducts ongoing supervision through periodic reporting, inspections, fitness-and-probity oversight, and real-time ICT incident reporting. Indicative annual ongoing compliance costs run from roughly €130,000 for a minimal Class 1 operation to €320,000+ for a full-service Class 3 exchange, reflecting the substance the Central Bank expects to be maintained.

Reporting Obligations

CASPs must submit periodic reporting to the Central Bank under MiCA’s reporting framework, including financial information, prudential data, and activity reporting.^[3] Audited financial statements are required, the DORA Register of Information is submitted annually, and CASPs separately meet AML reporting obligations and tax reporting obligations (CARF/DAC8 from the 2026 reporting year).

Supervision Fees

MiCA authorisation is indefinite, so there is no annual renewal fee. The Central Bank charges no application fee, but authorised firms pay an annual industry funding levy under section 32D of the Central Bank Act 1942. As of the 2025 Industry Funding Regulations there was no dedicated CASP levy category, so the first CASP-specific levy must be confirmed on publication of the relevant 2026 regulations; the ongoing figures in the cost table are indicative planning ranges rather than published tariffs.^[6]

Regulatory Inspections

The Central Bank conducts both scheduled and unscheduled supervisory inspections, with thematic reviews focused on AML/CFT compliance, client-asset safeguarding, cybersecurity, and governance. As both the prudential and AML supervisor, the Central Bank can examine a CASP across the full set of obligations in a single supervisory relationship, and its enforcement posture is active.

Enforcement

The Central Bank’s enforcement powers under MiCA and SI 607/2024 include:

• Administrative fines up to €5,000,000 or 12.5% of annual turnover for CASPs (MiCA Article 111)
• Significant fines for natural persons (directors, officers) for serious infringements
• Public statements naming the entity and the nature of the breach
• Withdrawal of authorisation
• Temporary prohibition on management functions
• Suspension or limitation of services

The enforcement record is not theoretical. On 6 November 2025 the Central Bank fined Coinbase Europe Limited €21,464,734 (reduced from €30,663,906 after a 30% settlement discount) for AML transaction-monitoring failures between 2021 and 2025, in which over 30 million transactions worth €176 billion went unmonitored. It was the Central Bank’s 162nd enforcement outcome and a clear signal of the supervisory standard expected of CASPs.^[19]

Advertising and Promotion Rules

MiCA’s marketing communications regime (Articles 7, 29, 53, and 66) applies directly to Irish CASPs.^[1] All marketing must be fair, clear, and not misleading, clearly identifiable as marketing, and consistent with the relevant white paper. As an Irish overlay, the Central Bank’s Consumer Protection Code applies to MiCAR activities: a December 2024 Addendum set out which parts applied, and the revised Consumer Protection Code took effect on 24 March 2026 and applies to all MiCAR activities.^[3] The ESMA knowledge-and-competence guidelines apply to staff giving crypto information or advice.

ICT Risk Management & Operational Resilience

The Digital Operational Resilience Act (DORA, Regulation (EU) 2022/2554) applies to all CASPs authorised under MiCA.^[16] DORA has been applicable since 17 January 2025. The Central Bank is the enforcement authority for DORA compliance among Irish CASPs, and Irish DORA penalties run up to €10 million or 10% of turnover.

Incident Reporting

Major ICT-related incidents must be reported to the Central Bank within strict deadlines:

Digital Resilience Testing

All CASPs must conduct general resilience testing under DORA Articles 24–25, including vulnerability assessments and penetration testing. Threat-led penetration testing (TLPT) under Articles 26–27 applies only to entities identified as significant. TLPT frequency is at least every 3 years. Microenterprises are explicitly excluded from TLPT. Most smaller and mid-size CASPs will not be designated for TLPT but must still conduct general testing.

Third-Party ICT Risk and the Register of Information

CASPs must maintain a register of all ICT third-party service providers, including cloud providers, blockchain infrastructure providers, and custody technology vendors, and submit a Register of Information to the Central Bank annually under DORA Article 28(3). Contractual arrangements must include the mandatory Article 30 clauses, with audit rights, termination provisions, and exit and data specifications. The first Critical ICT Third-Party Provider list, designating 19 providers including the major cloud platforms, was published on 18 November 2025.

Wallet and Key Management

CASPs providing custody services must implement segregated hot/cold wallet architectures, multi-signature authorisation for material transactions, key generation in secure environments, and documented key backup and recovery procedures.

Banking

Banking is the single biggest practical constraint for a MiCA CASP operating from Ireland, even after authorisation. A named entry on the ESMA register is a genuine due-diligence asset for banks and partners, and MiCA authorisation materially improves bankability, but it does not guarantee an Irish operating account. This is the honest gating issue: a Central Bank authorisation without functioning banking is of little practical use, so banking feasibility belongs at the front of the plan, not the end.

The structural realities are blunt. Ireland’s small number of remaining domestic incumbent retail and commercial banks have historically had low appetite for crypto-native clients; de-risking and AML-cost concerns dominate, so exchange and custody models can expect long onboarding, enhanced due diligence, and frequent declines. EU and EEA specialist e-money institutions and payment institutions are the realistic primary rail for client-money flows and operating accounts during scale-up, typically a continental-European EMI with a crypto-sector mandate offering safeguarding-style accounts, SEPA access, and dedicated IBANs.

Crypto-accommodating EU credit institutions are becoming more available as large European banks move onto MiCA rails and build digital-asset desks, with bank-backed euro-stablecoin launches expected through 2026. The practitioner read for a credible Class 2 or 3 Irish CASP is to budget months for onboarding, present a fully built AML and Travel Rule programme as a banking precondition, and run a multi-rail stack of one EU credit institution for safeguarding plus one or more specialist EMIs for flow. Stablecoin de-risking across EU venues shapes which rails support which assets.

Banking access is a binding constraint, not an afterthought. The partner network places banking and EMI relationships for operators authorised in the EU jurisdictions it services, across institutions covering EU banks, EMIs, and crypto-native rails, and confirms banking feasibility before a licence application is filed. Banking for licensed crypto operators →

FATF Status & International Standing

Ireland does not appear on any FATF list. It is absent from both the FATF list of Jurisdictions under Increased Monitoring (the “grey list”) and the list of High-Risk Jurisdictions subject to a Call for Action (the “black list”), and has never been listed under either. As an EU member state, Ireland is likewise outside the scope of the EU list of high-risk third countries, which by definition covers non-EU jurisdictions only.

Ireland is a FATF member, assessed by the FATF directly. Its 2017 Mutual Evaluation found a sound and substantially effective AML/CFT regime, and its 2022 follow-up re-rated Recommendation 22 to largely compliant and maintained Recommendation 15 (New Technologies) at largely compliant, leaving Ireland compliant or largely compliant on 34 of the 40 Recommendations.^[15] The FATF’s fifth-round evaluation under the 2022 methodology is pending; the precise on-site date should be confirmed before publication. Ireland’s AML framework is set by the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 and supervised by the Central Bank.

For a crypto operator, the practical reading is that Ireland carries strong international standing: a Central Bank authorisation is a reputable, EU-grade credential with no FATF or EU watchlist baggage, and the regulator’s active enforcement posture reinforces that the credential is hard-won. Ireland is also within scope of the EU’s new AML package, including the Anti-Money Laundering Regulation (Regulation (EU) 2024/1624) and the new EU Anti-Money Laundering Authority (AMLA), which will progressively harmonise AML supervision across member states.^[9]

This standing is one reason an Irish authorisation is prized by institutional counterparties. It is, however, available in different forms from other reputable EU member states: an operator authorised elsewhere reaches Irish clients on the same regulatory footing, so the choice of Ireland turns on the value placed on the specific Central Bank brand and a common-law base rather than on access alone.

MiCA Passporting and EU Market Access

MiCA passporting is the headline commercial value of any CASP authorisation. Under Article 65, an Irish CASP notifies the Central Bank of its intention to provide cross-border services or establish a branch in other EEA member states, supplying the list of host member states, the services to be provided, and the intended start date. The Central Bank communicates the notification to host NCAs and ESMA. No separate authorisation, additional capital, or waiting period is required from host countries.^[1]

Both routes are covered: freedom to provide services (cross-border without establishment) and the right of establishment (opening a branch). Passporting is service-specific, so only the services covered by the Irish authorisation can be provided cross-border, and host NCAs cannot block either route except in extraordinary circumstances.

The MiCA passport extends across the full EEA. EEA jurisdictions Iceland, Liechtenstein and Norway sit inside the MiCA passport via EEA Joint Committee Decision No 41/2025 of 20 February 2025 (with supplementary RTS via JCD 138/2025 of 13 June 2025); three non-EU/non-EEA jurisdictions in geographical Europe sit outside the passport regime and require local authorisation for local clients: the United Kingdom, Switzerland, and Gibraltar.^[18]

Article 61 reverse solicitation is third-country-only and does not apply to an EU-authorised CASP marketing to other EU/EEA Member States: passporting via Article 65 is the operative pathway. The ESMA Guidelines on reverse solicitation (26 February 2025, applicable from 27 April 2025) are framed for non-EU operators serving EU clients on a strictly unsolicited basis, read solicitation broadly and technology-neutrally, and are not a viable market-entry route. See the dedicated reverse solicitation guide for the third-country compliance pattern.^[22]

The ESMA Interim MiCA Register has been operational since 30 December 2024, published as CSV files updated weekly.^[8] Irish CASPs are listed in the Central Bank register and propagated to the ESMA register on authorisation, which is the canonical source for the current Irish CASP count.

Advantages and Limitations

Ireland offers a prestigious, English-language, common-law MiCA route with strong international standing, full passporting and a 12.5% trading tax. The limitations are equally real: a long, demanding timeline, a hard substance bar, a binding banking constraint, and a high cost base.

• ✓ Full EU passporting to 30 EEA states. A single Central Bank authorisation grants cross-border service provision and branch establishment rights across the entire European Economic Area.
• ✓ Top-tier regulator and a blue-chip credential. A Central Bank of Ireland authorisation is a strong due-diligence asset with banks, prime brokers and institutional counterparties.
• ✓ English-language, common-law system. The application and supervision run in English under a familiar legal framework, lowering friction for international applicants.
• ✓ 12.5% trading corporation tax. A genuine crypto trade is taxed at 12.5%, and over 99% of companies sit outside the €750 million Pillar Two threshold.
• ✓ MiCA capital applied directly, no national overlay. Ireland follows MiCA minimums (€50,000–€150,000), met with qualifying own funds, insurance, or a combination.
• ✓ Indefinite authorisation, no application fee. The authorisation does not expire and the Central Bank charges no application fee; an annual industry levy applies once authorised.
• × Long, demanding timeline. A realistic 12 to 18 months end-to-end, with heavy pre-application engagement. Mitigation: start pre-application early and prepare a complete, well-evidenced file.
• × Non-negotiable substance test. A local crypto-competent board and executive are required; letter-box structures are refused. Mitigation: budget for genuine local hires from the outset.
• × Banking is the binding constraint. Domestic banks have low appetite; client-fiat safeguarding needs an EU credit institution. Mitigation: build a pre-qualified multi-rail stack before filing.
• × High cost base and active enforcement. Irish salaries and the DORA build are costly, and the Central Bank enforces firmly. Mitigation: scope the full Year-1 cost and compliance load honestly upfront.

Ireland vs. EU Routes

The same MiCA passport reaches the same clients from any EEA member state, so the practical question is which jurisdiction’s trade-offs fit the business. Ireland competes on prestige, an English-language common-law process and a low trading-tax rate; the peers below compete on speed, cost, or a different tax model. All offer the identical EU passport.

Compare every crypto jurisdiction side by side →

The key point is: Ireland’s draw is institutional credibility, an English-language common-law process, and the 12.5% trading rate, not speed or cost. Where a fast or cheaper route matters, an English-language peer such as Cyprus or Malta, or a reinvestment-friendly base such as Estonia, reaches exactly the same EU clients by passport, often sooner.

The partner network provides end-to-end crypto licensing in Estonia, Lithuania, Latvia, the Czech Republic, Cyprus, and Malta: company formation, licence application, banking introductions, and post-licensing compliance, each with Article 65 passporting across the EEA. A CASP authorised in any EEA member state serves Irish clients on identical terms to an Irish-authorised provider. See the full Estonia CASP licensing guide →

When Ireland Is the Right Choice

Consider a direct Irish authorisation if: a top-tier Central Bank of Ireland credential is commercially important for an institutionally-facing exchange, custody or broker business; the operation values an English-language, common-law base and can carry the substance and banking build; or the 12.5% trading rate and Ireland’s standing materially shape the structure. Otherwise, where speed, a lower cost base, or a different tax model are the priority, a faster English-language peer plus passporting reaches the same clients.

Not sure which column is you? Ask Emma. She compares these jurisdictions in seconds, in your language.

Common Mistakes With the Irish Regime

Most errors around Ireland come from importing assumptions from lighter-touch jurisdictions: treating substance, banking and the DORA build as paperwork rather than the core of the authorisation. The most frequent missteps are below.

• Assuming a legacy VASP registration shortcuts CASP authorisation. Ireland declined the Article 143(6) simplified procedure, the Central Bank calls VASP status “not instructive”, and the transitional window already closed on 29 December 2025. Every applicant files a full CASP application.
• Treating substance as a letter-box. The Central Bank will not authorise a firm that lacks a local crypto-competent board and executive with independent decision-making in Ireland. Outsourced management to another jurisdiction fails the test.
• Under-building the DORA and ICT package. CASPs are in scope from 17 January 2025; a missing Register of Information (Article 28(3)) or absent Article 30 outsourcing clauses fails on inspection.
• Holding capital in crypto or un-segregated. Article 67 own funds must be qualifying CET1 instruments, not balance-sheet crypto, and client fiat must sit with an EU credit institution by the next business day.
• Mis-assuming the 12.5% rate applies automatically. It requires carrying on a genuine trade; investment gains are taxed at an effective 33% and passive income at 25%.
• Ignoring EMT and PSD2 cumulative capital. Handling e-money tokens can trigger dual MiCA and PSD2 authorisation and stacked capital, with no double-counting of own funds.
• Relying on reverse solicitation to serve EU clients. ESMA’s 26 February 2025 guidelines read solicitation broadly and technology-neutrally, making reverse solicitation a dead end as a market-entry route.

Frequently Asked Questions

References