​We appreciate when people and companies use the information we produce. Thank you.  What we ask is that when doing so, you ensure that we are credited in a prominent part of your post or visual (not in a comment or at the end of the post). 

​Yesterday we blogged about the release by Fintech Ireland of its Regulated Fintechs (EMoney, Payments & AISPs) in EEA Visual (repeated below).  That Visual presented the top 10 EEA jurisdictions for regulated payment services as at 30 September 2025 and comprised of authorised emoney institutions, authorised payments institutions and registered account information services providers (but not CASPs/VASPs).

In yesterday's post we promised to publish more information including data on the number of crypto-asset service providers authorised in the EU (& EEA) and also a combination of the two datasets to give a clear picture of the Top 10 EU Jurisdictions for the licensing of these innovative firms.

Firstly, here is a reminder of yesterday's Visual to set the context:

From the Visual above we see that the top 10 jurisdictions for Regulated Fintech (being authorised emoney, authorised payments and registered AISPs) are: Lithuania (106), France (102), Germany (94), The Netherlands (88), Spain (80), Sweden (78), Malta (58), Ireland (57), Poland (56) and Italy (55).

You can find yesterday's blog here and the associated Linkedin Post here.

The total number of authorised crypto-asset services providers in the EU (and the EEA) is 64 as at 29 September 2025 spread across 12 member states. The eagle-eyed amongst you may note that ESMA's register contains 65 entries.  However on closer inspection, when one looks at the data recorded for German CASPs, one will note the name and LEI of one entity being repeated (i.e. Crypto Finance (Deutschland) GmbH). When stripped out that means that Germany (BaFIN) has authorised 19 entities as CASPs (not 20). 

In the next Visual immediately below one will see the EU (and EEA) jurisdictions where a CASP is authorised. Germany sets the pace with 19 CASP authorisations and is immediately followed by The Netherlands with 14.  These two countries are the only ones where there are more than 10 CASPs authorised and they represent more than 50% of total authorised CASPs. Thereafter we have France with 7, Malta with 6 and 3 each in Spain, Cyprus Luxembourg and Finland.  The final 4 countries making up list are Ireland and Austria with 2 CASPs each and Lithuania and Slovenia with 1 each.  

Since the last time we examined the number of authorised CASPs in the EU - back on 1 April - the number of authorisations reported to ESMA by NCAs increased 400% (albeit from a low base 😉 ). And Ireland authorised two CASPs in that period - both being entities within the Kraken crypto group (not a duplication!).

A special blog is needed to examine the present position in Lithuania.  Lithuania is home to literally hundreds of virtual asset services providers (VASPs). Is it not thus surprising that only one CASP has been authorised in Lithuania despite a massive VASP base?

​If we combined the number of CASP authorisations with Payments authorisations (i.e. authorised emoney, authorised payments and AISP registrations) we land at the following table.

​From the table above, by combining both payments and CASPs into one dataset produces a new Top 10 of EU Jurisdictions. 

Germany comes out as the clear leader with a combined number of 113.  Lithuania, which is in No. 1 for payments & emoney drops to 3rd place with a combined tally of 107.  France comes in at No. 2 with 109. The larger number of authorised CASPs in Germany and France, 19 and 7 respectively, far exceeding the single CASP authorisation in Lithuania. The Netherlands has also accelerated its authorisation of CASPs, hitting 15 such authorisations bringing its combined total up to 103. Spain and Sweden come in at 5th and 6th place with 83 and 78 respectively. As we head down the chart, we find that Malta continues to cement its place as a leading fintech hub with a combined total of 64.  Since the last time we examined in detail ESMA's CASP authorisation data back on 1 April 2025, Malta has only increased by (net) one authorisation. After Malta we find Ireland in 8th place at 59, then Poland with 56 in  9th place and closing the Top 10 with a respectable figure of 55 is Italy.  You probably noted that Sweden, Poland and Italy make-up the Top 10 without a single CASP between them.

In the past 6 months (from 1 April to 30 September 2025) ESMA's records of authorised CASPs jumped 400% from 16 to 64.  Back on 1 April the only countries that had notified ESMA of having authorised a CASP were Malta, the Netherlands, Cyprus, Luxembourg, Spain and Germany.  In the past 6 months the following countries commenced authorising CASPs France, Lithuania, Ireland, Finland, Austria, Slovenia. As we head closer to the end of transitional periods in Europe through which VASPs seek to become authorised CASPs, we should expect to see dozens of new CASPs being authorised in Europe.

​If you found this information useful, you know what to do.  Please go visit the Likedin Post and like the post, reshare the post and/or comment.

​​

• Sign up to our Newsletter here.
• Need assistance with an emoney or payments authorisation or an account information service provider or virtual asset services provider registration application, check out Fintech Ireland and CompliReg's handy authorisation guides at https://fintechireland.com/fintech-authorisations.html. 

Of the many points made by ESMA in its letter, the following ones caught our eye.

 

1. NCAs (national competent authorities) need to establish as early as possible their supervisory procedures related to the authorisation regimes set out in the MiCA Regulation, including simplified authorisation procedures for entities already authorised to provide crypto-asset services under national law.
2. each Member State to designate without delay the NCAs responsible for carrying out the functions and duties provided for in the MiCA Regulation.
3. that NCAs are granted adequate powers and resources to exercise their supervisory, investigative and enforcement responsibilities.
4. ESMA is concerned that an extensive use of the grand-fathering clause for entities already providing crypto-asset services would weaken the effectiveness of the MiCA rulebook. This is because the clause may allow these entities to continue operating for up to 18 months in accordance with applicable national laws.

• Copy of ESMA 17 October 2023 letter - HERE
  
• Linkedin Post - HERE