I’ve watched startups get blindsided by fresh regulations more than once. With the Markets in Crypto-Assets Regulation (MiCA (EU) 2023/1114) now live, you need a rock-solid understanding of how it applies directly in Greece and what Law 5193/2025 adds to the mix.
In this deep dive, I’ll break down licensing requirements, transitional “grandfathering,” dossier must-haves, and key milestones—so you can skip the compliance panic and focus on growth.
Why MiCA applies directly in Greece, no more guesswork
MiCA creates a harmonized EU rulebook for crypto-assets not covered by existing financial-instruments laws like the Markets in Financial Instruments Directive II (MiFID II), the Capital Requirements Directive/Regulation (CRD/CRR), or Solvency II.
As of 30 June 2024, rules on asset-referenced tokens (ARTs) and e-money tokens (EMTs) took effect EU-wide, with full Crypto-Asset Service Provider (CASP) licensing, supervision, and conduct rules kicking in on 30 December 2024.
In Greece, MiCA is directly applicable: the Hellenic Capital Markets Commission (HCMC) oversees CASP authorisations, while the Bank of Greece handles prudential supervision for ART/EMT issuers.
PRO TIP
Bookmark the HCMC’s guidance portal and sync your calendar to its workshops—early intel from their Q&As can spotlight interpretation nuances before you file.
Greece’s Law 5193/2025 explained: So you know exactly who’s watching
To give MiCA teeth locally, Greece enacted Law 5193/2025 on 11 April 2025. This law confirms the HCMC as the CASP authoriser and the Bank of Greece for ART/EMT prudential oversight.
It also clarifies that crypto-assets treated as financial instruments, deposits, or insurance products remain under MiFID II, CRD/CRR, or Solvency II, respectively.
Finally, civil and criminal sanctions now apply for unlicensed service provision, white-paper misstatements, and insufficient disclosures.
| Aspect | Details |
| Competent Authorities | HCMC for CASP licensing; Bank of Greece for ART/EMT prudential supervision |
| Scope Clarifications | Crypto-assets as financial instruments/deposits/insurance products remain under MiFID II, CRD/CRR, Solvency II |
| Sanctions | Civil fines and criminal penalties for unauthorised services, misrepresentations, and poor disclosures |
PRO TIP
Dive into Law 5193/2025’s penalty tiers so you can calibrate your compliance budget against real-world risk—understanding maximum fines is half the battle.
Securing your CASP licence: What you must know from day one
Under MiCA Article 2(1), any entity “professionally providing one or more crypto-asset services” must hold CASP authorisation. Regulated services range from centralized exchanges and custodial wallets to portfolio advice and crypto-fiat conversions.
Once you submit a complete dossier, the HCMC has two months to confirm receipt and aims to finish substantive review within 40 working days. For ART/EMT issuers, the Bank of Greece may take up to 60 working days.
| Service Category | Examples |
| Trading Venues | Centralized crypto exchanges, alternative trading systems |
| Custodial Wallet Providers | Hosted wallet platforms, cold-storage solutions |
| Brokers & Order Execution | Brokerage interfaces, smart-order routing |
| Transfer & Payment Services | Crypto-fiat conversions, cross-border crypto remittances |
| Portfolio Management & Advice | Discretionary portfolio services, crypto investment guidance |
| ART/EMT Issuance & Redemption | Token minting, burning, and redemption frameworks |
PRO TIP
Draft your corporate-governance framework (board charters, conflict-of-interest policies) in tandem with your business model to speed up any follow-up queries from the HCMC.
Grandfathering your pre-MiCA operations, time is ticking
MiCA offers an 18-month transitional regime for Virtual Asset Service Providers (VASPs) registered under AML Law 4557/2018.
In Greece, that means existing HCMC-registered VASPs can operate until 30 December 2025, provided they file a full MiCA licence application by then.
Alternatively, the EU-wide default lets you run under your old authorisation until 1 July 2026 if you apply by 30 December 2024.
PRO TIP
Even if you qualify for grandfathering, submit early. Building a buffer for missing docs or unanticipated regulatory queries can save your operations from a cliff-edge scramble.
Building your core authorisation dossier
MiCA demands a robust package. Your dossier must include a program of activities that outlines your services and passporting plans. You also need to submit an organisational chart complete with fit-and-proper attestations.
Your AML/Counter-Financing of Terrorism (AML/CFT) policies must demonstrate integration with MiCA’s Travel Rule. Be sure to include ICT-architecture diagrams and resilience plans to showcase your technical preparedness.
You’ll also need to prove that you meet the tiered own-funds requirements (€50 000–€150 000). Finally, if you’re an ART/EMT issuer, you must provide a compliant white paper.
| Component | Key Deliverables |
| Program of Activities | Detailed business model, services, target markets, cross-border passporting |
| Governance & Fit & Proper | Organisational chart, conflict policies, senior-management integrity attestations |
| AML/CFT & Travel Rule | Customer-due-diligence, transaction monitoring, reporting to Hellenic FIU |
| Technical & Operational Resilience | Cybersecurity protocols, penetration-testing reports, business-continuity and disaster-recovery plans |
| Capital & Financial Resources | Tiered own funds, client-asset segregation mechanisms, professional-indemnity or cold-wallet insurance |
| White Paper & Disclosure (ART/EMT) | Standardised disclosures on token rights, governance, fees, redemption, risk factors, and reserve-mechanism overviews |
PRO TIP
Run an external audit on your ICT and AML/CFT sections before submission—an outside lens can catch blind spots that derail authorisation.
Key dates you can’t miss
Stay on top of these critical milestones to keep your licensing and compliance timeline on track.
| Date | Milestone |
| 30 June 2024 | ART/EMT provisions take effect EU-wide |
| 30 December 2024 | Full CASP licensing, supervision, and conduct rules enter into force |
| 11 April 2025 | Publication of Law 5193/2025 in Government Gazette |
| 30 December 2025 | End of Greece’s transitional period for pre-MiCA VASPs |
| 1 July 2026 | End of EU-wide default grandfathering for all pre-MiCA VASPs |
PRO TIP
Plug these milestones into your project management software now and assign clear owners—deadlines in black and white keep teams accountable.
What you need to nail for ongoing compliance
Get proactive with the HCMC and Bank of Greece by joining guidance sessions and Q&As. Beef up your KYC and transaction-monitoring to satisfy the Travel Rule and Greek AML frameworks. Formalise a compliance culture—appoint a dedicated officer, codify conflict-of-interest rules, and train your team on reporting and breach protocols.
Plan for supervisory fees, own-fund requirements, and insurance, and tailor your white paper with Greece-specific disclosures like local tax treatment and language requirements.
PRO TIP
Host cross-departmental workshops (legal, IT, ops) to map responsibilities and ensure everyone speaks the same compliance language—prevents siloed delays when time’s up.
Next steps for crypto firms
Start with a gap analysis against MiCA and Law 5193/2025 for AML/KYC, governance, and ICT controls. Draft your program of activities, governance manuals, AML/CFT policies, technical schematics, and white papers.
Schedule pre-application meetings to lock in dossier formats and fee structures. Train staff on MiCA obligations and breach notifications. Finally, monitor ESMA’s delegated acts, HCMC circulars, and Greek crypto tax legislation—staying ahead of updates is your secret weapon.
PRO TIP
Build a living compliance dashboard tracking dossier milestones, regulatory alerts, and training completions—visibility keeps your team agile and audit-ready.
Streamline MiCA compliance with CyberUpgrade
Meeting MiCA’s rigorous requirements—from whitepaper filings to ongoing governance and transparency—often means endless manual tracking and audit prep. CyberUpgrade automates your MiCA workflows with prebuilt templates and real-time Slack or Teams prompts, keeping policies, risk assessments, and evidence audit-ready in one central hub.
Beyond MiCA, CyberUpgrade also supports DORA, ISO 27001, and NIS 2 frameworks, letting you “map once, prove many” across multiple regulations. Automated data extraction, vulnerability scans, and KPI dashboards feed each regulator’s portal seamlessly, reducing manual work by up to 80 %.
With fractional CISO services guiding your continuous monitoring and customizable compliance workflows, you’ll secure faster approvals, avoid fines, and adapt as MiCA and related frameworks evolve—turning compliance from a hurdle into a strategic advantage.
Ready to turn compliance into competitive edge?
Aligning with MiCA and Law 5193/2025 isn’t just about ticking boxes. It’s your chance to cement operational resilience, foster trust, and unlock seamless EU passporting. By embedding robust governance, technical safeguards, and a proactive compliance culture, you’ll transform regulation from a hurdle into your firm’s strategic differentiator. Let’s make Greece your launchpad for EU-wide crypto success.
