Stablecoin compliance: Which payment APIs have MiCA CASP authorization?

Key takeaways

MiCA's grandfathering period ended July 1, 2026. After that date, any provider offering crypto-asset services in the EU without full CASP authorization cannot legally do so. For compliance teams evaluating stablecoin payment APIs, authorization status is now a binary pass/fail criterion.

This article covers which stablecoin payment infrastructure providers hold confirmed MiCA CASP authorization, what authorization covers (and what it does not), and what the distinction between authorization and a VASP registration means for your compliance posture.

Which payment APIs have MiCA CASP authorization

The table below is based on publicly available company announcements and the ESMA Interim MiCA Register.

Provider	Regulator	Date confirmed	Additional EU authorization
Due (Due Network S.L.)	Spain CNMV	March 2026	Bank of Spain VASP registration
BVNK	Malta MFSA	February 2026	EMI license (Malta); Mastercard acquisition pending
Triple-A	France AMF	May 2026	Payment Institution license (France)
OpenPayd	Malta MFSA	June 2026	—

For any provider not listed here, check the ESMA Interim MiCA Register directly.

What MiCA CASP authorization is (and what it is not)

A CASP (Crypto-Asset Service Provider) authorization under MiCA (EU Regulation 2023/1114) is issued by a national competent authority in one EU member state and passports to all 27 EU member states and the broader EEA. One authorization grants legal authority to offer regulated crypto-asset services across the entire bloc.

The authorization process is demanding. To receive it, a company must demonstrate adequate capitalization, sound governance, robust AML/CFT programs, and fit-and-proper management. National regulators review applications rigorously. The process is closer to obtaining a banking license than completing a standard registration.

CASP authorization is not the same as a VASP registration. Pre-MiCA, EU member states ran their own national virtual asset service provider registrations. These were lighter requirements with no EU passporting rights. MiCA replaced them with a single standard.

Authorization is also not the same as a transitional arrangement. MiCA allowed existing VASP-registered providers to keep operating under national regimes until July 1, 2026, while their applications were processed. Those arrangements expired on July 1. After that date, only fully authorized CASPs may provide regulated crypto-asset services in the EU.

What CASP authorization covers, and where EMI comes in

A CASP authorization covers crypto-asset services specifically: custody, exchange of crypto-assets for fiat, exchange of crypto-assets for other crypto-assets, transfer services, and related activities. It does not automatically cover fiat payment services under PSD2.

For providers offering both stablecoin settlement and fiat rails, the full regulatory picture typically involves two authorizations:

A MiCA CASP authorization for crypto-asset services
An Electronic Money Institution (EMI) or Payment Institution (PI) license for fiat payment services

BVNK holds both a CASP (Malta MFSA) and an EMI (Malta). Triple-A holds both a CASP (France AMF) and a Payment Institution license (France). Due holds a CASP from Spain's CNMV and a Bank of Spain registration for its VASP activity.

When evaluating a provider for a use case that spans stablecoin settlement and local fiat rails, checking both the CASP and the EMI/PI status is the complete due diligence question.

What authorization means for your compliance posture

There are three practical implications for a compliance team selecting infrastructure after July 2026.

Passporting. A CASP authorized in any single EU member state can provide regulated crypto-asset services across all 27 member states and the EEA without additional national applications. This is the structural advantage that full CASP authorization provides over a legacy VASP registration or a transitional arrangement. Due is authorized in Spain. BVNK and OpenPayd in Malta. Triple-A in France. All passport EU-wide.
Counterparty risk. Using a provider without confirmed CASP authorization after July 1 creates regulatory exposure for your own EU operations. Your compliance team's due diligence documentation should include a confirmed authorization reference, not just a commercial claim of MiCA compliance. The ESMA register provides this reference.
Stablecoin selection. CASP authorization governs services, not the assets those services handle. Separately, USDT does not meet MiCA's requirements for electronic money tokens (EMTs) and has been delisted from major EU exchanges. For EU crypto-asset flows, USDC (issued by Circle, a MiCA-compliant entity) is the current primary compliant stablecoin option.

How Due fits in

Due received MiCA CASP authorization from Spain's CNMV in March 2026. The authorized entity is Due Network S.L. (CIF B16407272). Due is one of the first non-bank CASPs to receive this authorization.

The authorization covers the exchange of crypto-assets for fiat currency and the exchange of crypto-assets for other crypto-assets. For fintechs, neobanks, and crypto exchanges building on Due's API, this means those flows are handled by a provider assessed by the CNMV to the same standards applied to traditional financial institutions.

Due's CASP authorization is combined with its broader infrastructure: 80+ country coverage across SEPA, ACH, PIX, SPEI, Faster Payments, mobile money, and SWIFT, plus virtual accounts in EUR, GBP, USD, MXN, AED, BRL, and more.

For more detail on what the authorization covers, see Due receives MiCA authorization from Spain's CNMV. For the full regulatory framework context, see MiCA Regulation: EU Crypto Asset Framework for Payment Companies.

‍Book a demo to understand how Due's authorization applies to your specific EU corridors.

Download Due & Move Money Without Borders