MiCA Compliance Cost in 2026: CASP Authorisation, Software and Ongoing Spend

There is no single price tag for MiCA compliance. The cost of operating legally under the EU Markets in Crypto-Assets Regulation (Regulation (EU) 2023/1114) depends on which crypto-asset services you provide, what tokens you issue, how many member states you target and how much you build versus buy. This article breaks the cost into the parts you can actually verify, and flags where published figures stop and quote-based pricing begins.

It is a budgeting guide, not legal or financial advice. If you want the software portion scoped to a fixed estimate, see our MiCA compliance software development or run the readiness scorecard.

What drives MiCA compliance cost

Four variables move the number more than anything else:

• Scope of CASP services. Authorisation for custody or operating a trading platform carries higher capital and control requirements than advice or order transmission.
• Token types. Issuing an asset-referenced token (ART) or e-money token (EMT) adds reserve management, redemption and white paper obligations on top of the service layer.
• Jurisdictions. One MiCA authorisation passports across all 27 member states, but the national competent authority you choose sets the fees and supervisory intensity.
• Build versus buy. The biggest swing is whether you build proprietary compliance software, license vendor tools, or start on a licensed CASP-as-a-service partner.

Authorisation and capital cost

MiCA sets minimum own-funds requirements by authorisation class. You must hold the higher of the class floor or 25% of your prior-year fixed overheads (MiCA Article 67 and Annex IV).

Own funds are capital you hold, not a fee you spend. The spend is in getting authorised: drafting the programme of operations and AML programme, plus the application itself. Industry estimates put legal and advisory work to prepare a CASP authorisation in the region of 80,000 to 200,000 euro, with most national application fees in a 5,000 to 25,000 euro range. Several regulators, including Germany’s BaFin, charge time-based rather than fixed fees, so there is no single published number to quote.

Compliance software and tooling cost

This is where build-versus-buy decides the budget. A CASP needs onboarding, screening, monitoring, Travel Rule, proof of reserves and reporting. You can assemble these from vendors, build them, or both.

• KYC and onboarding. Public per-verification pricing starts around 1 to 1.50 US dollars per check (for example Sumsub), scaling with volume.
• Transaction monitoring and analytics (KYT). Chainalysis, TRM Labs and Elliptic price by quote, not a public page. A CASP analytics budget commonly lands in the low-to-mid six figures per year.
• Travel Rule. Notabene and 21 Analytics are subscription, quote-based; budget a five-figure annual subscription.
• Security attestations. A SOC 2 Type II audit fee runs roughly 15,000 to 30,000 US dollars, and 60,000 to 100,000 all-in with readiness, tooling and a penetration test (Secureframe).

For the custom build itself, Pharos Production scopes a focused MiCA compliance system from about 60,000 US dollars for a module set to 500,000 and up for a full CASP or issuer control suite with custody integration and surveillance. The driver is the number of in-scope services, token types and integrations, not headcount.

Ongoing and year-two cost

Authorisation is the start, not the finish. The recurring cost is where most budgets are underestimated.

• DORA operational resilience. The Digital Operational Resilience Act applies to CASPs from 17 January 2025. In a Deloitte survey, 64% of financial entities expected to spend 2 to 5 million euro on DORA readiness.
• Audits and reporting. Annual audit and regulatory reporting are recurring line items, commonly in the tens of thousands of euro per year.
• Staffing. A money-laundering reporting officer, compliance lead and analysts are mandatory roles, not optional ones.
• Model and rule maintenance. ESMA and EBA keep finalising level-2 technical standards, so rule sets need ongoing tuning.

Across these, industry estimates put a mid-sized CASP’s ongoing regulatory operating cost in the region of several hundred thousand euro per year before headcount above the core regulated roles.

Build vs buy vs CASP-as-a-service

Three paths, three cost profiles:

We tell clients honestly when a licensed CASP-as-a-service partner ships faster than a custom build. See the full comparison on our MiCA compliance page, and our RegTech and crypto exchange services for the build path.

The cost of getting it wrong

Under-investing in compliance is the most expensive option. EU enforcement is now live: in November 2025 the Central Bank of Ireland fined Coinbase’s European entity about 21.5 million euro for anti-money-laundering failures, including transaction-monitoring gaps (Irish Times). Globally, Binance settled US charges for over 4.3 billion US dollars in 2023 (US DOJ). DORA breaches carry penalties of up to 2% of annual worldwide turnover.

Market integrity is part of the same picture: an NBER study found more than 70% of reported volume on unregulated crypto exchanges is wash trading, which is exactly what MiCA Title VI surveillance exists to catch.

How to control MiCA compliance cost

The cheapest path is rarely the lowest line item, it is the one that avoids rework and fines. Start with a gap assessment that maps your in-scope services and token types against MiCA, the Transfer of Funds Regulation and DORA, then build in priority order. Wire vendors behind clean abstractions so coverage is a configuration choice. Put every control on one immutable audit trail so authorisation evidence and reporting are a query, not a manual project.

Pharos Production builds MiCA compliance software for CASPs and token issuers, aligned with ISO 27001 and SOC 2. Run the readiness scorecard or request a gap assessment for a fixed-scope estimate in 48 hours. For the obligation-by-obligation view, see our MiCA compliance checklist. We are not a law firm: token classification and CASP authorisation must be confirmed by qualified counsel.