The Licensing Gap Most Founders Haven’t Closed
Most crypto founders building with e-money tokens (EMTs) or handling value transfers assume their Markets in Crypto-Assets Regulation (MiCA) authorisation covers everything they need, including crypto payments licensing.
That isn’t always the case though.
There are specific categories of activity that sit within the scope of payment services regulation, separate from and additional to MiCA. If your project involves this, you may need a payment institution licence alongside your authorisation as a Crypto-Asset Service Provider (CASP) under MiCA. Not instead of it. As well as it.
Regulators across the EU are already asking CASPs to assess their activity and act.
Who This Applies To
You provide or are building crypto services that involve payment services.
It does not matter whether you are already licensed, in a licensing process, or still planning. The question is the same at every stage, and the earlier you answer it, the more options you have.
Which Activities Fall Within Scope
The European Banking Authority’s (EBA) guidance, which national regulators are now applying, is specific.
The following activities are considered payment services under Payment Service Directive 2 (PSD2):
- The transfer of EMTs on behalf of clients
- The custody and administration of EMTs on behalf of clients. Including custodial wallets held in the name of clients that allow sending and receiving EMTs to and from third parties
The following activities are explicitly outside the scope of PSD2:
- Exchanging crypto assets for funds (including EMTs)
- Exchanging crypto assets for other crypto assets
- Intermediating in the purchase of crypto assets using EMTs
This distinction matters because it is precise. The analysis depends on what your service actually does, not what you call it.
The Regulatory Position Across the EU
The clearest signal that this is no longer a theoretical issue is what regulators are actually doing.
Some national competent authorities have opened dual application pathways specifically for CASPs. They are not waiting for firms to come forward, they are actively reaching out, asking CASPs to self-assess and engage.
In Cyprus, both CySEC and the Central Bank of Cyprus (CBC) have issued clear guidance and opened the application process. CASPs already offering EMT services that qualify as payment services were asked to submit applications to the CBC.
Other jurisdictions are at different stages. Supervisory readiness, timelines, and the practical approach to dual applications vary across the EU. Some have already opened streamlined pathways; others are not there yet. That gap matters, because where you decide to run your dual application is a strategic choice, not just an administrative one.
What is consistent is the direction of travel: the expectation is engagement, not silence. Which is great!
For context, this flows from the EBA’s No Action Letter, published in June 2025, which gave CASPs a transition period to get their structures in order. That transition period ended on 2 March 2026. The guidance that followed made clear what was expected from that point, which brings us to the three positions CASPs are now in.
The Three Positions CASPs Are Now In
Before we get to options, it helps to understand where you actually sit. Based on the EBA guidance now being applied by national regulators, CASPs offering EMT services that qualify as payment services fall into one of three positions:
1. You have obtained PI/EMI authorisation or partnered with an authorised provider.
You can continue carrying out EMT transactions within the scope of that authorisation. This is the resolved position.
2. You have submitted an application but do not yet have authorisation.
You can continue operating pending the decision, subject to conditions: you must cease all marketing of the relevant EMT services and must not onboard new clients for those services while the application is pending.
3. You have not submitted an application, or have submitted one but have not met the conditions above.
The expectation at this point is that you cease providing the relevant EMT services and off-board clients. This is the position no project wants to be in.
One thing worth understanding about the dual application specifically: it is not the same as applying for a standalone payment institution licence from scratch. The EBA has explicitly asked national regulators to use information already submitted for MiCA authorisation as much as possible in the PSD2 process, making this a more targeted exercise than a full PI application. The scope of what a CASP is authorising is also narrower, tied to EMT-related payment services specifically, which means the ongoing obligations are scoped accordingly.
For many projects, the dual application is a more proportionate path than it might initially appear, both in terms of time and cost.
Assessing Your Options and Choosing a Path
Crypto payments licensing is where most projects hit their first real complication. This is where most projects are. Either they do not yet know whether their activity falls within the payment services scope, or they know it does but are unsure which path makes sense for their situation.
The answer is different for every project, because it depends on several things: what your product actually does, how central payments are to your business model, what your growth plans look like, your timeline, and where you are licensed or intend to operate.
For a project where EMT transfers are peripheral, a feature rather than a core function, the calculus is different from a project where payments are central to what users experience every day. The redesign or partnership route may be proportionate in one case and completely inadequate in the other.
Beyond the “what” of your activity, there is also the question of “where.” Not all EU regulators are equally ready to process dual applications, and the jurisdiction you choose has real implications… for speed and for operational capacity.
Some NCAs have already moved quickly and have active processes open. Others are still developing their approach. If you are starting this process now, the jurisdiction question is not a formality… it is part of the strategy.
What the right structure looks like for your project, whether that is a dual application, a partnership, a product redesign, or a combination, is something that should be worked through deliberately, with a clear view of your activity, your plans, and the options available in the jurisdictions relevant to you.
What Working Through This Looks Like in Practice
At DLT Law, we are helping clients across EU member states work through the activity assessment… understanding what they do, whether it triggers PSD2 obligations, and what the options are from there.
In Cyprus, where the dual application pathway is now open, we are among the first to be actively taking clients through that process. The frameworks are recent, the practical path through the dual application is still being established in most jurisdictions, and the on-the-ground knowledge of how regulators are approaching it is something we are building directly through these early applications.
If you are a crypto project that touches payments, or if you are not sure whether you do – a short, focused conversation is usually enough to get clarity on where you sit and what your next step is.
Reach out to us at DLT Law. Happy to talk through what this looks like for your specific situation.
Next Steps
If this article raised questions about your own project, here is a practical starting point.
Step 1: Map what your service actually does
Not what it is called, not what it is marketed as. The functional test: does your service involve transferring EMTs on behalf of clients, or custody of EMTs in a way that allows clients to send and receive to third parties? If yes, you are likely in scope. If you are unsure, that uncertainty is itself the answer, you need to assess it properly.
Step 2: Identify which position you are in
Are you already authorised or partnered? Application submitted and conditions met? Or neither? Your position determines your options and your urgency.
Step 3: Understand the jurisdictions that matter for you
If you are licensed, where are you licensed?
Not all NCAs are at the same stage, some have active dual application processes, others are still developing their approach. The jurisdiction question directly affects your timeline and structure. If you still in the process of deciding where to apply for your MiCA license, take this into account as it can significantly affect your timeline and cost.
Step 4: Work out which path fits your business
Dual application, partnership, product redesign, or a combination. The right answer depends on how central payments are to your model, your growth plans, your commercial timeline, and the regulatory environment. There is no universal answer… but there are usually two or three live options worth mapping out properly.
Step 5: Get external eyes on the activity assessment
This is not a document exercise. The functional analysis of the service, and whether it triggers PSD2 obligations is the foundation everything else rests on. Getting it wrong in either direction is costly. If you have not had this reviewed by someone with direct experience of how regulators are applying the EBA guidance in practice, it is worth doing before you decide anything.
If your crypto project touches payments and you want clarity on where you sit, or you already know you have a gap and need help working through it, let’s talk → Marina D’Angelo
At DLT LAW, we help CASPs (and projects considering licensing) assess their activity, understand their options, and navigate the dual licensing process before regulators make the decision for them.
