MiCA and PSD2: Is Your Crypto Business Facing a Hidden Regulatory Trap in the Czech Republic?
How to Avoid Dual Licensing and Million-Euro Fines
If you are a foreign company operating a crypto-asset business in the Czech Republic, this article provides clear answers to the complex overlap between the new MiCA and PSD2 regulations. We explain the hidden risk of needing two separate licenses and the severe financial penalties involved. For any foreign company seeking an English-speaking lawyer or a leading Czech law firm in Prague, EU, to secure your crypto-asset operations, this guide is your essential first step.
Need advice on this topic? Contact the ARROWS law firm by email office@arws.cz or phone +420 245 007 740. Your question will be answered by "Mgr. Marek Hučík", an expert on the subject.
The New Crypto Reality: What is MiCA and Why Does It Matter for Your Business in the Czech Republic?
The era of light regulation for crypto-asset businesses in the Czech Republic is over. The European Union's Markets in Crypto-Assets Regulation (MiCA) has established a unified and strict licensing regime, fundamentally changing the operational landscape for all market participants. For foreign businesses, this presents both a significant compliance challenge and a strategic opportunity.
MiCA (Regulation (EU) 2023/1114) aims to harmonize rules across the EU, replacing fragmented national approaches with a single, comprehensive framework designed to protect consumers, ensure market integrity, and foster innovation in a secure environment. In the Czech Republic, this EU-wide regulation has been implemented through the national Digital Finance Act (Act No. 31/2025 Sb.), which came into force on February 15, 2025.
This new legislation designates the Czech National Bank (CNB) as the primary supervisory authority for the crypto-asset market. The previous, simpler registration process for a Virtual Asset Service Provider (VASP) has been replaced by a rigorous authorization procedure for becoming a Crypto-Asset Service Provider (CASP). This is not a minor paperwork update; it is a paradigm shift demanding a level of operational maturity, governance, and financial stability comparable to traditional financial institutions.
Any business providing services such as crypto-asset custody, operating a trading platform, exchanging crypto for fiat currency, or managing crypto portfolios must now obtain a CASP license from the CNB. For existing providers who were operating before December 30, 2024, there is a critical deadline: you must submit your application for a CASP license by July 31, 2025. Meeting this deadline allows you to continue operating under a "grandfathering" clause until a decision is made, but no later than July 1, 2026. Missing this deadline means you must cease your operations.
Strategically, the Czech Republic has positioned itself as a stable entry point into the EU market. Unlike other member states such as Germany or the Netherlands which opted for shorter transitional periods, the Czech Republic implemented the full 18-month grace period. This provides foreign businesses with a longer and more predictable runway to achieve full compliance, making Prague an attractive and secure European base for your crypto operations.
The Hidden Danger: Could You Unknowingly Need Two Licenses?
The most significant regulatory challenge for many crypto businesses is a hidden trap: the overlap between MiCA and the EU’s revised Payment Services Directive (PSD2). If your business model involves stablecoins pegged to a fiat currency, you could be deemed both a CASP under MiCA and a Payment Institution under PSD2. This creates the risk of needing two separate, costly, and complex licenses to perform a single business function.
This issue centers on a specific category of crypto-assets known as e-money tokens (EMTs). Under MiCA, an EMT is defined as a crypto-asset that aims to maintain a stable value by referencing a single official currency, such as a Euro-pegged or Dollar-pegged stablecoin. Crucially, MiCA explicitly states that EMTs "shall be deemed to be electronic money". This legal classification is the source of the conflict.
Because EMTs are legally considered "e-money," they also qualify as "funds" under PSD2. Consequently, providing services that involve the transfer of EMTs on behalf of a client can be legally classified as a "payment service". This means a single transaction, such as transferring a customer's Euro-stablecoin from one wallet to another, could subject your business to two complete regulatory frameworks simultaneously, a scenario known as "dual authorization".
Based on recent guidance from the European Banking Authority (EBA), the following activities involving EMTs are considered payment services and are at high risk of requiring a PSD2 license:
- Providing custody and administration of EMTs in a wallet that allows users to send and receive tokens to and from third parties.
- Executing the transfer of EMTs on behalf of clients.
However, the EBA has also clarified that certain activities are exempt from PSD2, including the service of exchanging crypto-assets for fiat currency or for other crypto-assets, and intermediating the purchase of other crypto-assets with EMTs.
FAQ – Legal tips about regulatory overlap
- We offer a custodial wallet for various crypto-assets, including a Euro-stablecoin. Are we affected?
Yes, very likely. If your wallet allows users to send and receive that stablecoin to third parties, the CNB may consider it a "payment account" under PSD2, triggering additional licensing needs. For a detailed analysis of your specific setup, contact us at office@arws.cz. - Our platform only allows users to trade Bitcoin for Euro-stablecoins. Do we need a PSD2 license?
Based on current EBA guidance, the service of "exchange of crypto-assets for other crypto-assets" is not considered a payment service. However, the regulatory landscape is complex and evolving. To confirm your status, get a legal opinion by writing to office@arws.cz. - What exactly is an "e-money token" (EMT)?
An EMT is a crypto-asset (stablecoin) that is pegged to a single official currency, like the Euro or US Dollar. If you handle these types of assets, you are at the center of the MiCA/PSD2 overlap. Need help classifying the assets on your platform? Email our experts at office@arws.cz.
What Are the Real Risks of Non-Compliance?
Ignoring these new regulations is not a viable business strategy. The Czech Digital Finance Act grants the Czech National Bank significant enforcement powers, and the penalties for non-compliance are severe enough to threaten the existence of your business. The financial, operational, and reputational damage from a regulatory breach can be irreversible.
The financial penalties for MiCA violations are substantial. For legal entities, the CNB can impose fines of up to CZK 355,425,000 (approximately €14.1 million) or 15% of your total annual turnover, whichever is higher. This is not a theoretical risk; it is a clearly defined penalty that regulators are empowered to use.
Beyond fines, the CNB can take direct action against your operations. This includes the power to issue interim measures, freeze your company's assets, and order an immediate cessation of all business activities. A failure to comply can also lead to the outright refusal or revocation of your CASP license, effectively barring you from the entire EU market. Furthermore, non-compliant entities can be publicly named on a register maintained by the European Securities and Markets Authority (ESMA), causing irreparable damage to your reputation with customers, partners, and investors.
|
Risks and Penalties |
How ARROWS Helps |
|
Operating without a CASP license after deadlines: The CNB can order an immediate shutdown of your business and freeze assets. |
CASP License Application: We manage the entire application process with the CNB to ensure you meet all deadlines. Need help with your license? Write to office@arws.cz. |
|
Massive Financial Penalties: Fines of up to €14.1 million or 15% of your annual turnover for MiCA violations. |
Regulatory Compliance Audit: We assess your business model to identify and mitigate compliance gaps before they become costly. Get your audit started at office@arws.cz. |
|
Dual Licensing Trap: Incurring double the costs and administrative burden by needing both MiCA and PSD2 licenses without a clear strategy. |
Legal Opinion: We provide a detailed legal analysis of your services to determine your precise licensing obligations under both regimes. Clarify your status by emailing office@arws.cz. |
|
Public Reputational Damage: Being listed on ESMA's public register of non-compliant entities, destroying trust with customers and investors. |
Representation before Authorities: We communicate with the CNB and other regulators on your behalf to manage inquiries and protect your reputation. For representation, contact us at office@arws.cz. |
|
Refusal of License: Submitting an incomplete or non-compliant application, leading to a refusal and inability to operate in the EU. |
Drafting Legally Required Documentation: Our team prepares the comprehensive documentation required by the CNB, from your business plan to internal AML policies. Get your documents in order at office@arws.cz. |
A Way Forward: How New EBA Guidance Offers a Temporary Solution
Recognizing the immense burden that dual licensing would place on the industry, the European Banking Authority (EBA) issued a crucial "No Action Letter" in June 2025. This guidance provides a temporary, though complex, pathway for CASPs handling EMTs. It offers a grace period for obtaining a PSD2 authorization but requires immediate strategic planning and compliance with certain key PSD2 rules.
The EBA has advised national regulators like the CNB not to enforce the requirement for a PSD2 license for CASPs providing EMT-related payment services until March 2, 2026. This is a critical delay, but it is not a permanent exemption. After this date, your business must either hold a full Payment Institution license, partner with a licensed provider, or cease offering the affected EMT services entirely.
Crucially, this transitional period is not a complete regulatory holiday. The EBA distinguishes between rules that can be deprioritized and those that remain mandatory. While supervision of certain PSD2 requirements like safeguarding and detailed fee disclosures may be relaxed, regulators are advised to insist on immediate compliance with others, most notably Strong Customer Authentication (SCA) and robust fraud reporting mechanisms. SCA, which typically involves two-factor authentication for transactions and account access, is a non-negotiable security standard.
This transitional period should be viewed as a strategic planning window. Businesses that use this time wisely will secure their long-term future, while those who delay will face a compliance crisis in early 2026. Navigating guidance from the European Banking Authority requires deep, cross-border legal knowledge. As an international law firm operating from Prague, European Union, with the ARROWS International network built over 10 years, we are uniquely positioned to interpret these EU-level directives and apply them to your specific situation in the Czech Republic.
Our experts on the subject:
A further hidden complexity lies in capital requirements. The EBA's guidance suggests that the capital requirements from MiCA and PSD2 should be applied on a cumulative basis. This means a business budgeting for MiCA's €125,000 capital requirement could be surprised by an additional €125,000 requirement for a PSD2 license, effectively doubling the amount of capital that must be set aside. Early and expert financial regulatory planning is essential to avoid this pitfall.
|
Risks and Penalties |
How ARROWS Helps |
|
Misinterpreting the "No Action Letter": Assuming all PSD2 rules are suspended until 2026, leading to non-compliance with mandatory provisions like SCA. |
Legal Analysis: We provide a clear breakdown of which PSD2 rules you must comply with now and which are deprioritized. Want to understand your obligations? Email us at office@arws.cz. |
|
Failing to Prepare for the 2026 Deadline: Not starting the PSD2 licensing process in time, leading to a forced cessation of EMT services in March 2026. |
Strategic Legal Planning: We help you develop a long-term compliance roadmap, including preparing your future Payment Institution license application. For immediate assistance, write to us at office@arws.cz. |
|
Underestimating Cumulative Capital: Failing to budget for the combined capital requirements of both MiCA and PSD2, leading to a funding crisis. |
Financial Regulatory Consultation: We advise on the specific capital requirements for your business model to ensure you are financially prepared. Get tailored legal solutions by writing to office@arws.cz. |
|
Non-Compliance with Strong Customer Authentication (SCA): Facing CNB penalties and liability for fraud by not implementing this mandatory security measure. |
Drafting Internal Company Policies: We help you draft and implement internal policies that meet the stringent SCA requirements under PSD2. Need legal help? Contact us at office@arws.cz. |
How Can You Secure Your Business and Avoid Fines? A 3-Step Plan
Navigating this complex environment requires a proactive and structured approach. Here is a practical 3-step plan that foreign businesses can follow to achieve compliance, secure their operations in the Czech Republic, and avoid costly penalties.
Step 1: Conduct an Urgent Regulatory Assessment
The first step is to gain absolute clarity on your regulatory exposure. You must conduct a thorough analysis of your business model to determine if you offer services involving EMTs that could be classified as payment services. This assessment will define your risk profile and dictate your licensing strategy.
Our legal team can conduct a comprehensive audit of your services to provide a definitive answer on your obligations under both MiCA and PSD2. This initial legal analysis is the foundation of your compliance strategy. To begin your assessment, contact us at office@arws.cz.
Step 2: Prioritize Your MiCA (CASP) License Application
Regardless of the PSD2 issue, the MiCA license is mandatory. The July 31, 2025, application deadline for existing businesses is non-negotiable and requires significant preparation. You will need to compile extensive documentation covering your business plan, proof of capital, fit-and-proper declarations for management, detailed governance policies, and a robust IT security framework.
The CASP application is an extensive legal and administrative project. ARROWS law firm can manage this entire process for you, from drafting the necessary documentation to liaising directly with the CNB. Our lawyers are ready to assist you – email us at office@arws.cz.
Step 3: Develop Your Post-2026 PSD2 Strategy
Based on the outcome of your assessment in Step 1, you must decide on your long-term strategy for PSD2 compliance. Your options include applying for a full Payment Institution license, finding a licensed third-party partner to handle payment services, or pivoting your business model away from regulated EMT activities. You must use the current transitional period to prepare for this decision.
Strategic decisions require expert legal foresight. We provide legal consultations to help you choose the most commercially viable path for your business post-2026, whether that involves contract drafting for a partnership or preparing a second license application. Do not hesitate to contact our firm – office@arws.cz.
What’s the Next Step? Your Partner in the Czech Republic
The regulatory landscape for crypto-assets in the Czech Republic is now one of the most complex in the world. Attempting to navigate the dual challenges of MiCA and PSD2 without expert local counsel is a significant business risk. ARROWS is the partner you need to ensure compliance, mitigate risk, and secure your business future in the EU.
As a leading Czech law firm in Prague, EU, we combine deep knowledge of local CNB requirements with a nuanced understanding of EU-level directives from bodies like the EBA. Our team has extensive experience helping foreign companies establish and operate successfully in the Czech market. ARROWS supports over 150 joint-stock companies and 250 limited liability companies and operates in 90 countries worldwide through our international network. We have the experience and scale to handle your most complex regulatory challenges.
Don't let regulatory uncertainty put your business at risk. Contact our team of experts today for a confidential consultation on your specific situation. For immediate assistance, write to us at office@arws.cz.
FAQ – Most Common Legal Questions About MiCA and PSD2 Compliance
1. We are a non-EU company with Czech customers. Do these rules apply to us?
Yes. MiCA and the Czech Digital Finance Act apply to any entity providing crypto-asset services in or to the Czech Republic. Operating without a license is a serious violation. To understand your specific cross-border obligations, contact our international team at office@arws.cz.
2. What is the absolute final deadline for my existing crypto business to be licensed?
You must apply for a MiCA (CASP) license by July 31, 2025. If you do, you can continue operating until a decision is made, but no later than July 1, 2026. After that date, operating without a full CASP license is illegal. Don't wait until the last minute; start the process now by emailing office@arws.cz.
3. Does this MiCA/PSD2 issue apply if we only deal in Bitcoin and Ethereum, not stablecoins?
The dual licensing risk specifically relates to e-money tokens (EMTs), which are fiat-pegged stablecoins. If you do not handle EMTs, you will likely only need a MiCA (CASP) license. However, a legal review is essential to confirm this. Get certainty by contacting us at office@arws.cz.
4. What are the minimum capital requirements I need to meet?
For a MiCA (CASP) license, it ranges from €50,000 to €125,000 depending on your services. If you also need a PSD2 license, these requirements may be cumulative, potentially doubling the amount. For a precise calculation for your business, get tailored legal solutions by writing to office@arws.cz.
5. Can ARROWS handle the entire license application process with the CNB for us?
Yes. We provide comprehensive legal services, including preparing all required documentation, drafting internal policies, and representing your company before the Czech National Bank throughout the entire licensing process. To get started, please contact our firm at office@arws.cz.
6. What is "Strong Customer Authentication" (SCA) and is it mandatory for us?
SCA is a security requirement under PSD2, typically involving two-factor authentication for payments and account access. The EBA has advised that this is a mandatory requirement for CASPs handling EMTs, even during the transitional period. Need help implementing compliant procedures? Our lawyers are ready to assist you – email us at office@arws.cz.