Applicable Regime The legal text that grounds it all — scope & territorial reach | | | |
Risk Level How critical non-compliance is for your activity | High | High | High |
OUTPUTS — What you must do |
Licences Required The concrete authorizations you must obtain | - 🪪CASP
- Passport across all EU-27 Member States once granted (Art. 65)
| - 🪪CASP
- Passport across all EU-27 once granted
| - 🪪CASP
- 🪪EMI
- Payment institution authorisation under PSD2 (or future PSD3) for fiat payment services
|
Key Obligations Daily compliance duties (KYC, AML, Travel Rule…) | - KYC/KYB per AMLD6 + EU AML Package 2024
- AML/CFT program
- MiCA whitepaper for non-listed tokens (already-traded exemption Art. 4(2) for XRP/BTC/ETH)
- Capital min. €125K (CASP exchange tier — Art. 67)
- FATF Travel Rule >€1K (TFR Reg. 2023/1113)
- Market abuse rules (MiCA Art. 80+)
- Governance & fit-and-proper (Art. 68)
- Environmental impact disclosure (Art. 66)
| - Strict client-asset segregation (Art. 75(7))
- Client agreement specifying rights + liabilities (Art. 75(2))
- Liability for loss of clients' crypto-assets (Art. 75(8))
- ICT risk + cybersecurity (DORA, applicable from Jan 2025)
- Insurance / capital coverage proportional to assets under custody
- Quarterly reporting to home NCA
- ICT third-party risk management
| - Customer fund segregation (PSD2 Art. 10)
- KYC/AML per AMLD6 + EU AML Package 2024
- Travel Rule >€1K via TFR Reg. 2023/1113
- MiCA Art. 66 marketing rules for the crypto leg
- Strong Customer Authentication (PSD2 SCA)
- Capital min. €350K (EMI) / €125K (CASP)
|
CONTEXT — When, how much, with whom |
Estimated Timeline How long to obtain the licence + go live | 6–18 months (depends on chosen NCA — LT fastest, IE/LU/MT slower) | 9–18 months | 12–24 months |
Estimated Cost Licence fees + capital + ongoing costs | €50K–€500K (varies by hub: LT cheapest, IE/LU more expensive) | €150K–€700K (capital + insurance + ICT) | €350K–€1M+ (capital + governance + dual-licence stack) |
Regulator The body that supervises and issues the licence | 🏛️ESMA🏛️NCA | 🏛️ESMA🏛️NCA | 🏛️ESMA🏛️NCA |
XRPL-Specific Note How this plays out on XRPL specifically | XRPL has a native DEX (order book built into the protocol). A front-end DApp accessing it for EU users still needs CASP if it routes orders or controls funds — independent of which NCA issues the licence. | On XRPL: SignerList majority + Single Key + IOU gateway models = custodial under MiCA Art. 75. Multi-sig SignerList (minority service participation) + non-custodial wallets = outside Art. 75 scope. MPC/TSS = grey zone (Art. 75 likely applies if service can sign alone). | XRPL Payment Channels enable off-ledger settlement — no CASP for the channel itself but conversion to fiat at exit triggers EMI / CASP. RLUSD on XRPL is the EMT-compliant payment-token reference. |
