If you're running a crypto business in Europe, you've likely heard of MiCA is the Markets in Crypto-Assets Regulation, a comprehensive legal framework designed to harmonize crypto-asset rules across the European Union . While MiCA provides the rulebook, it doesn't act as a single global office. Instead, the actual enforcement, licensing, and daily supervision happen through 27 different gates known as National Competent Authorities, or NCAs. For any firm wanting to legally operate across the EU, these authorities are the most important relationship they will manage.
What Exactly is a National Competent Authority?
An NCA is essentially the designated "crypto cop" for a specific EU member state. Each country picks a financial regulator to handle the heavy lifting of MiCA. Think of it as the primary interface between your company and the law. If you want a license to provide crypto services, you don't apply to the EU as a whole; you apply to a specific NCA in a country where you have a physical presence.
These authorities aren't new to the game. Most are established financial heavyweights with decades of experience in banking and stock markets. For example, in Germany, the BaFin is the Federal Financial Supervisory Authority, responsible for overseeing the German financial system handles the role. In France, it's the AMF is the Autorité des Marchés Financiers, the regulator for French financial markets . Because these agencies already know how to regulate traditional finance, they bring a level of rigor-and sometimes a level of bureaucracy-to the crypto space.
Who is Who? Major NCAs Across Europe
Depending on where you set up your headquarters, you'll be dealing with a different regulator. While all follow MiCA, the "vibe" and speed of these agencies can vary wildly. Some are known for being methodical and slow, while others have raced to attract crypto business.
The Netherlands and Malta were among the first to jump in, issuing licenses the very second MiCA went into full effect on December 30, 2024. This rapid response showed they were eager to position themselves as crypto hubs. On the other hand, Germany's BaFin took a more staged approach, starting their license issuances in mid-January 2025. This reflects a more cautious, methodical style of regulation.
| Country | NCA Name | Primary Focus/Reputation |
|---|---|---|
| Germany | BaFin | Rigorous, methodical, strong banking background |
| France | AMF | Sophisticated market surveillance, proactive |
| Spain | CNMV | Focus on investor protection and market stability |
| Italy | CONSOB | Supervision of the Italian stock exchange and crypto |
| Netherlands | AFM | Fast implementation, early MiCA license adopter |
How the Licensing Process Actually Works
Getting a CASP is a Crypto-Asset Service Provider license, which allows a firm to offer services like exchange or custody across the EU via "passporting" license is the "golden ticket." Once you get approved by one NCA, you can essentially "passport" your services into other EU countries without having to apply for a separate license in every single state. This is the biggest advantage of the MiCA system.
But getting that first license isn't as simple as filling out a web form. You have to prove several things to your chosen NCA:
- Governance: Who is running the show? You need clear organizational charts and experienced management.
- Capital Adequacy: Do you have enough cash in the bank to survive a market crash without disappearing?
- Risk Management: How do you handle hacks, lost keys, or operational failures?
- Consumer Protection: How are you treating your users? This includes clear disclosures and honest marketing.
Once you're in, the work doesn't stop. NCAs require regular audits and mandatory disclosures. You'll also need to report incidents-like a security breach-immediately. If you're dealing with different types of tokens, such as utility tokens or e-money tokens, the disclosure requirements change, and your NCA will be the one verifying that you've followed the rules.
The Layer Cake: NCAs vs. EU-Level Authorities
It's a common mistake to think the NCA is the only authority you need to worry about. In reality, the EU has a multi-tiered oversight system. The NCAs are the boots on the ground, but they report to and are coordinated by higher-level agencies.
The ESMA is the European Securities and Markets Authority, which coordinates the 27 NCAs to ensure the rules are applied the same way everywhere is the big coordinator. They create the technical standards and maintain the public register of who is actually licensed. If a firm is acting illegally, ESMA helps maintain the "blacklist."
Then you have the EBA is the European Banking Authority, which specifically focuses on stablecoins and prudential standards . If you are issuing a significant stablecoin, the EBA becomes a much more prominent figure in your life than a standard national regulator. Above them all, the European Central Bank (ECB) keeps an eye on things to make sure crypto doesn't crash the overall financial stability of the Eurozone.
Coming in 2026, we'll see the AMLA is the Anti-Money Laundering Authority, a new EU body that will directly supervise the largest cross-border crypto firms for AML/CFT compliance . This is a hint at where things are headed: more direct EU control and less reliance on individual national offices.
The Push Toward Centralization: Is the NCA Model Dying?
Right now, the system is a bit fragmented. Imagine trying to get 27 different people to agree on exactly how to interpret one sentence in a law. That's what ESMA is dealing with. This "fragmentation" has led to a bit of a mess where some NCAs are faster or more lenient than others, which creates "regulatory arbitrage" (companies shopping for the easiest regulator).
Because of this, the EU is planning a major shift. Leadership at ESMA has already hinted that the European Commission is preparing rules to move supervision of the biggest crypto companies away from national authorities and directly to ESMA. The goal is to stop building the same expertise 27 different times and instead have one powerhouse agency doing it once for everyone.
For a large company, this is great news-it means one set of rules and one point of contact. For smaller firms, it's a bit more nerve-wracking, as a giant EU agency might be less flexible than a local regulator in a smaller member state. This shift won't happen overnight; it will likely take several years of legislation, but the trend is clear: the era of the "local" crypto regulator is slowly winding down for the big players.
Practical Tips for Choosing Your NCA
If you're deciding where to apply for your license today, don't just pick a country because you like the food. You need to look at the operational reality of that NCA. Some firms prioritize the speed of issuance, which might lead them toward the Netherlands or Malta. Others prioritize market prestige and a deep financial ecosystem, which makes Germany (BaFin) or France (AMF) more attractive.
Keep in mind that while the rules of MiCA are the same, the interpretation can differ. One NCA might be more skeptical of a specific DeFi integration than another. Before you commit, it's worth talking to legal experts who have actually filed applications in those specific jurisdictions to see where the bottlenecks are.
Do I need a license from every EU country to operate?
No. Thanks to the "passporting" mechanism in MiCA, you only need to get licensed by one National Competent Authority (NCA) in a member state where you are established. Once you have that license, you can provide your services across all other EU member states.
What happens if I ignore the NCA and operate anyway?
Operating without a license is a major risk. NCAs have the power to issue fines, block your services within their borders, and place you on ESMA's public blacklist. Since MiCA is now fully in effect, regulators are actively monitoring the market for unlicensed providers.
Which is the fastest NCA for licensing?
Historically, the Netherlands and Malta have been among the fastest, often issuing licenses immediately upon the regulation's entry into force. However, processing times can change based on the volume of applications each agency is handling.
Will ESMA replace the NCAs entirely?
Not entirely, but for the most significant cross-border entities, supervision is likely to move to ESMA. Smaller, domestic-focused firms will likely continue to be supervised by their national authorities.
What is the role of the EBA compared to the NCA?
While the NCA handles general crypto service providers, the EBA (European Banking Authority) focuses specifically on stablecoins, particularly "significant" ones, ensuring they have proper reserves and liquidity to prevent systemic financial crashes.
Write a comment