I still remember when the Markets in Crypto-Assets Regulation (MiCA (EU) 2023/1114) was finalized—everyone in the industry knew change was coming. On 30 December 2024, the EU-wide rulebook for crypto-asset issuers and service providers kicked in. Croatia answered with its own Implementation Act on 12 July 2024, so you now have clear local rules alongside the EU standard.
In this article, I’ll walk you through how MiCA landed in Croatian law, the licensing path you need to follow, key deadlines on your calendar, and the practical steps you must take right now to turn compliance into a competitive edge.
Overview of MiCA and its transposition in Croatia
MiCA sets out transparency, consumer-protection, and operational-resilience rules for crypto services across the EU. While the Regulation applied directly from 30 December 2024, Croatia needed to assign supervisory powers and detailed procedures.
That’s where the Zakon o provedbi Uredbe (EU) 2023/1114 (MiCA Implementation Act) comes in. It gives HANFA (the Croatian Financial Services Supervisory Agency) authority to license and supervise crypto-asset service providers and tasks HNB (the Croatian National Bank) with overseeing issuers of Asset-Referenced Tokens (ARTs) and E-Money Tokens (EMTs).
By embedding MiCA into domestic law, Croatia ensures you know exactly what paperwork, fees, and enforcement powers to expect. No more guessing games.
Licensing requirements for crypto-asset service providers in Croatia
Getting your licence under Croatia’s MiCA framework comes down to understanding three pillars: what services you offer, how and when to apply, and what evidence you must provide. Let’s unpack each of these so you can start drafting your dossier today.
Defining your services: Scope of authorisation
Under MiCA Article 62 and Croatia’s Implementation Act, any entity professionally providing crypto-asset services must hold authorisation. That covers:
- Centralised trading venues and alternative trading systems
- Custodial wallet providers
- Brokers and order-execution services
- Transfer services (including swaps and payment facilitation)
- Portfolio management and advisory services
- Issuers of ARTs and EMTs (the latter registered with HNB)
Ask yourself: does your business model touch client crypto-assets or advice? If yes, you need a licence.
PRO TIP
Run a quick gap analysis against MiCA’s Article 62 categories to decide if you should carve out certain services or bundle them under one licence to optimize costs.
Timing your submission: Application process and transition dates
HANFA will publish bylaws (detailing dossier requirements and fees) by end-2024. Formal licence submissions open 1 January 2025. Key dates to lock into your project plan:
- 30 December 2024: MiCA’s anti-money-laundering and know-your-customer (AML/KYC) rules, including the Travel Rule, plus consumer-protection measures, go live across the EU.
- 1 January 2025: You can formally submit your CASP licence application in Croatia.
- 1 July 2026: The 18-month transition ends. Any existing VASPs without full MiCA authorisation must pause operations or face enforcement.
Missing these milestones isn’t an option.
PRO TIP
Book a pre-application call with HANFA in Q4 2024. Having early clarity on your dossier roadmap will slash back-and-forth once applications open.
Proving your readiness: Core dossier and prudential Criteria
When you sit down to fill out the application, include:
- Program of Activities: Lay out your business model, services, client segments and geographic reach in detail.
- Governance & Fit & Proper: Show your organisational chart, clearly defined roles, and integrity assessments for directors with crypto expertise.
- Risk Management & AML/KYC: Describe customer-due-diligence (CDD) procedures, transaction monitoring, and Suspicious Activity Report (SAR) workflows aligned with the Travel Rule and Croatian AML law.
- Technical & Operational Resilience: Include ICT-architecture diagrams, cybersecurity controls, penetration-testing reports, and business-continuity plans.
- Financial Resources: Prove you have the minimum own funds (€50 000–€150 000, tiered by services) and custodial insurance (e.g., cold-wallet coverage).
- White Paper & Disclosure (for ART/EMT issuers): Provide standardized disclosures on rights, fees, governance, redemption rights and risk factors.
No shortcuts here—every item shows HANFA you’re serious.
PRO TIP
Contract an external penetration-testing firm now to generate fresh reports. Outdated security tests can trigger follow-up questions that slow your approval.
Implementation timeline and key milestones
To keep your project on track, sync your internal deadlines with these regulatory milestones.
| Date | Milestone |
| 12 July 2024 | Croatian MiCA Implementation Act adopted by Parliament |
| End 2024 | Expected issuance of bylaws detailing licensing procedures and fees |
| 30 December 2024 | EU-wide MiCA regime applies; AML/KYC (incl. Travel Rule) in force |
| 1 January 2025 | Formal start of CASP licence applications in Croatia |
| 1 July 2026 | End of transition; pre-MiCA VASP registrations expire if not authorised |
PRO TIP
Create a mirrored timeline for your internal project management tool—assign owners and deadlines for each task so nothing slips through the cracks.
What crypto firms in Croatia must do next
I’ve seen firms stall by treating MiCA as a checkbox exercise. Instead, tackle these areas head-on to turn compliance into an advantage.
Early regulator engagement builds confidence
Secure pre-application meetings with HANFA for your services and with HNB for token issuance. These sessions aren’t just bureaucratic rites—they’re your chance to test your dossier outline and address any supervisory questions.
Holistic AML/KYC and travel rule integration
MiCA’s strengthened Travel Rule messaging needs to sit alongside Croatia’s existing anti-money-laundering and counter-financing-of-terrorism (AML/CFT) regime. Build unified systems for transaction screening and real-time messaging.
Cultivating a fit & proper culture
Appoint board members with proven crypto and compliance chops, and designate a head compliance officer. Document your conflict-of-interest and outsourcing policies, then bake them into your corporate governance manual.
Strengthening operational resilience and cybersecurity
Regular penetration tests, redundant infrastructure and clear incident-reporting protocols are non-negotiable. MiCA requires robust business-continuity plans, so don’t let your IT architecture diagrams gather dust.
Capital planning and insurance
You need your own funds between €50 000 and €150 000 depending on services. On top of that, shop for custodial insurance now—market capacity is tightening under MiCA’s new requirements.
Tapping into EU passporting
Once authorised in Croatia, you can passport your services across the EU without fresh licences. That’s a huge growth lever—just don’t ignore localized disclosure requirements in your target markets.
Tailoring your white paper disclosures
MiCA’s template is solid, but local investors often have questions about redemption mechanics and governance. Customize your white paper to pre-empt common queries.
Avoiding penalties and enforcement action
Under MiCA, fines can hit 5 % of your annual turnover or €5 million per infringement. Croatia may lay on administrative sanctions for procedural slip-ups.
PRO TIP
Schedule quarterly compliance audits with external counsel to catch procedural gaps before they trigger enforcement.
Streamline MiCA Compliance with CyberUpgrade
Meeting MiCA’s rigorous requirements—from whitepaper filings to ongoing governance and transparency—often means endless manual tracking and audit prep. CyberUpgrade automates your MiCA workflows with prebuilt templates and real-time Slack or Teams prompts, keeping policies, risk assessments, and evidence audit-ready in one central hub.
Beyond MiCA, CyberUpgrade also supports DORA, ISO 27001, and NIS 2 frameworks, letting you “map once, prove many” across multiple regulations. Automated data extraction, vulnerability scans, and KPI dashboards feed each regulator’s portal seamlessly, reducing manual work by up to 80 %.
With fractional CISO services guiding your continuous monitoring and customizable compliance workflows, you’ll secure faster approvals, avoid fines, and adapt as MiCA and related frameworks evolve—turning compliance from a hurdle into a strategic advantage.
Looking ahead: Making compliance your competitive edge
By embedding MiCA’s governance, AML/KYC, prudential and resilience requirements into your DNA, you’ll not only tick regulatory boxes—you’ll build trust with customers, partners and regulators alike. I’m here to help you navigate these waters and turn compliance into a growth driver. Curious how this applies to your firm? Reach out to CyberUpgrade—let’s make your MiCA journey smooth and successful.
