I remember when EU crypto rules felt like a maze of national variations—no FOMO on compliance here. The Markets in Crypto-Assets Regulation (MiCA) changes the game by creating one rulebook across Europe. I’ll break down how Lithuania has woven MiCA into its law, what you need for a licence, and why swift action is your new best friend.
Overview of MiCA’s roll-out in Lithuania
MiCA (EU) 2023/1114 sets a harmonised framework for crypto-assets across all EU Member States. It’s directly applicable—no extra national red tape—so on June 30, 2024, asset-referenced tokens (ARTs) and e-money tokens (EMTs) went live EU-wide, and on December 30, 2024, the full regime for Crypto-Asset Service Providers (CASPs) kicks in.
Lithuania hit the ground running by passing its Law on Markets in Crypto-Assets on July 11, 2024, naming the Bank of Lithuania as the authority for CASP licences under MiCA Title V. Think of this as Lithuania’s VIP pass to the EU’s unified crypto market—no back-door transpositions needed.
| Date | Scope |
| June 30, 2024 | ARTs and EMTs become effective EU-wide |
| December 30, 2024 | Full CASP governance and conduct rules enter into force |
PRO TIP
Map your offerings to those MiCA phases now—if you plan to issue e-money tokens, have your disclosures and white paper polished by June 2024. That way, you beat the last-minute scramble.
Lithuania’s legal framework and the Bank of Lithuania’s role
Lithuania’s Law on Markets in Crypto-Assets mirrors MiCA Title V, setting out licence criteria, supervisory powers, and penalties. It’s concise yet robust: any CASP must apply for authorisation, adhere to governance standards, and face sanctions if they stray.
The Bank of Lithuania now:
- Authorises and supervises CASPs under Article 62 services.
- Publishes a public register of licences and flags unauthorised players.
- Enforces MiCA’s prudential, governance, and conduct rules.
Here’s the plain-English version: if you’re in crypto services, you’ll deal with one regulator, one rulebook, and one public list. No more juggling multiple agencies.
PRO TIP
Bookmark the Bank of Lithuania’s register page and sign up for its newsletters. Early warning on enforcement trends helps you tweak controls before they become issues.
What you need for a CASP licence
Under MiCA Article 62, every professional crypto-asset service must hold a licence from the Bank of Lithuania. Services include exchanges, custodial wallets, brokers, payment services, portfolio management, and issuance/redemption of ARTs and EMTs.
Your licence dossier must cover six pillars:
| Component | Must-Have Details |
| Program of Activities | Business model, services offered, target markets, EU passport strategy |
| Governance & Fit & Proper | Org chart, board roles, compliance/risk functions, integrity checks |
| Risk Management & AML/CFT | KYC/KYB, transaction monitoring, Travel Rule setup, SAR protocols |
| Technical & Operational Resilience | ICT architecture diagrams, cybersecurity policies, pen-test results, business-continuity plan |
| Capital & Safeguards | Own funds (€50 000–€150 000), client-asset segregation, cold-wallet insurance |
| White Paper & Disclosure (ART/EMT) | Standardised info on token rights, fees, redemption terms, governance, and risk factors |
MiCA’s Travel Rule means you must track transactions across borders—think of it like adding an in-flight tracker to every transfer.
Transitional timeline: Lithuania’s short-track regime
Lithuania opted for one of the shortest MiCA transitions in the EU. The law came in on July 11, 2024, with the full CASP regime effective December 30, 2024.
Existing VASPs had until June 1, 2025 (five months) to apply for a licence. A parliamentary extension pushed the final cut-off to January 1, 2026, but why wait?
| Date | Milestone |
| July 11, 2024 | Law on Markets in Crypto-Assets adopted |
| December 30, 2024 | CASP regime fully applies; licences mandatory |
| June 1, 2025 | Original deadline for existing VASPs to obtain licences |
| January 1, 2026 | Extended deadline to comply or cease operations |
| July 1, 2026 | End of EU-wide grandfathering if no further national extension |
When regulators move fast, you need to move faster. Early submission means you avoid the last-minute rush and any capacity crunch at the Bank of Lithuania.
PRO TIP
Even if you qualify for the extension, submit before December 30, 2024. The Bank of Lithuania’s review slots fill up quickly, so early birds get smoother reviews.
Action checklist for crypto firms in Lithuania
Now that you know the lay of the land, let’s get tactical. Follow these steps to turn MiCA from a headache into a growth engine:
- Gap Analysis
- Compare your current governance, AML/CFT, ICT resilience, and capital frameworks against MiCA and Lithuania’s law.
- Compare your current governance, AML/CFT, ICT resilience, and capital frameworks against MiCA and Lithuania’s law.
- Dossier Drafting
- Assemble your program of activities, governance manuals, ICT schematics, AML/CFT policies, financial projections, and white papers.
- Assemble your program of activities, governance manuals, ICT schematics, AML/CFT policies, financial projections, and white papers.
- Regulator Liaison
- Book a deep-dive call with the Bank of Lithuania. Bring draft documents and be ready to discuss your tech stack.
- Book a deep-dive call with the Bank of Lithuania. Bring draft documents and be ready to discuss your tech stack.
- Internal Training
- Educate your team on reporting duties, breach-notification timelines, and Travel Rule compliance.
- Educate your team on reporting duties, breach-notification timelines, and Travel Rule compliance.
- Ongoing Monitoring
- Track ESMA’s Regulatory Technical Standards (RTS) and Implementing Technical Standards (ITS), plus national circulars for updates.
- Track ESMA’s Regulatory Technical Standards (RTS) and Implementing Technical Standards (ITS), plus national circulars for updates.
PRO TIP
Use a project-management tool (e.g., Trello, Asana) to track each dossier component, regulator meetings, and training milestones. Transparency equals accountability.
Streamline MiCA compliance with CyberUpgrade
Meeting MiCA’s rigorous requirements—from whitepaper filings to ongoing governance and transparency—often means endless manual tracking and audit prep. CyberUpgrade automates your MiCA workflows with prebuilt templates and real-time Slack or Teams prompts, keeping policies, risk assessments, and evidence audit-ready in one central hub.
Beyond MiCA, CyberUpgrade also supports DORA, ISO 27001, and NIS 2 frameworks, letting you “map once, prove many” across multiple regulations. Automated data extraction, vulnerability scans, and KPI dashboards feed each regulator’s portal seamlessly, reducing manual work by up to 80 %.
With fractional CISO services guiding your continuous monitoring and customizable compliance workflows, you’ll secure faster approvals, avoid fines, and adapt as MiCA and related frameworks evolve—turning compliance from a hurdle into a strategic advantage.
Ready to ride the EU crypto wave?
Lithuania’s swift MiCA adoption means you can gain EU passporting quicker than most. By moving early on licensing, fortifying your governance and AML/CFT controls, and embedding technical resilience, you’ll not only comply—you’ll thrive. So, are you ready to turn MiCA into your launchpad for EU-wide growth? Drop CyberUpgrade a line if you want to talk through how this maps onto your tech stack.
