5 Key Factors
- In 2026, the term VASP in Lithuania no longer reflects the primary regime for market access. The transitional period ended on 31 December 2025 – after that date, providing crypto-asset services without MiCA authorisation in Lithuania is illegal financial activity. The simplified VASP registration model has been replaced by a full CASP licensing regime.
- The Bank of Lithuania acts as the licensing and supervisory authority for crypto companies, maintains a dedicated authorisation framework, publishes FAQs and licensing rules, and indicates a review period for a complete application of 40 business days with the possibility of extension in certain cases. Lithuania has already issued several CASP authorisations under MiCA.
- The regulator expects not a formal document package but a genuinely functioning operational model: governance, internal controls, AML/CTF, sanctions screening, safeguarding of client assets, qualified management, and IT readiness. The era of “thin shell” crypto companies without real substance in Lithuania is definitively over.
- Although the old VASP regime has receded, a number of practical elements remain critical for the new process: the Lithuanian corporate structure, AML framework, governance, ownership disclosure, source of funds, and internal controls. Companies with experience under the former regime can adapt existing work to MiCA requirements.
- Company in Lithuania UAB (company code 304377400) supports non-residents of Lithuania at every stage of the transition from VASP to CASP: from company registration and governance structuring to AML documentation preparation, licensing application coordination, and ongoing corporate support.
For several years, Lithuania was one of the most popular jurisdictions in Europe for crypto business registration. Thousands of companies from around the world obtained VASP status, attracted by a relatively straightforward process and a low entry threshold. In 2026, this model no longer works.
The full entry into force of MiCA and the end of the transitional period on 31 December 2025 transformed Lithuania’s crypto market from a zone of simplified registration into a fully regulated financial sector. For non-residents, this means a fundamental reassessment of approach: instead of VASP registration, CASP authorisation from the Bank of Lithuania is now required.
This article is a practical checklist for non-resident crypto companies: what has changed, what remains relevant, what the regulator requires, and how to prepare for the new regime.
Why the Old “VASP Registration in Lithuania” Model Is No Longer Enough
The transitional period ended on 31 December 2025. From 2026 onward, providing crypto-asset services in Lithuania without MiCA authorisation is treated as illegal financial activity. Companies that operated under the former VASP registration were required to either obtain a full CASP licence or cease operations.
For non-residents who associate Lithuania with “quick VASP registration,” this is a fundamental change. A discussion of crypto business in Lithuania in 2026 is no longer about registration – it is about fully regulated entry to the European crypto market.
What Changed in Lithuania: From National VASP Setup to MiCA CASP Authorisation
The former model was built around AML registration: the company was entered into the register, fulfilled basic AML requirements, and could provide crypto-asset services. The entry threshold was low, the process was fast, and supervision was limited.
MiCA replaced this model with full authorisation. A crypto company in Lithuania now undergoes a procedure comparable in depth to the licensing of payment or electronic money institutions: assessment of governance, capital, management qualifications, the AML/CTF system, safeguarding, IT security, and operational readiness. The Bank of Lithuania is the central authority that reviews applications, assesses applicants, and makes decisions on CASP authorisation.
Who Regulates Crypto Businesses in Lithuania in 2026
The Bank of Lithuania (Lietuvos bankas) is the licensing and supervisory authority for crypto companies under MiCA. The regulator maintains a dedicated authorisation framework for CASPs, publishes FAQs and licensing rules, conducts preliminary consultations with applicants, and assesses companies before they begin providing services.
The Bank of Lithuania has already issued several CASP authorisations under MiCA, confirming that the new regime is fully operational. For non-residents, this means the process is established and predictable – provided the application is well prepared.
Which Crypto Businesses Need a CASP Licence
The CASP regime applies to companies providing specific types of crypto-asset services: custody and administration of crypto-assets, exchange of crypto-assets for fiat currencies, exchange of crypto-assets for other crypto-assets, transmission and execution of orders for crypto-assets, and other services defined by MiCA.
Qualification depends on the actual business model, not on the project’s name or marketing description. For non-residents, a legal analysis of the model is a mandatory first step: it determines whether CASP authorisation is needed, what licence scope is required, and which requirements apply.
What Remains Relevant from the Old VASP Era
Although VASP registration as a market access regime is no longer in effect, a number of practical elements from the former model remain critical for the new process. The Lithuanian corporate structure (UAB) remains the foundation for obtaining authorisation. The AML framework – policies and procedures developed for VASP can be adapted to MiCA requirements. Governance readiness – prior work on corporate governance retains its value. Ownership disclosure and source of funds – transparency requirements for owners and the origin of funds have only become stricter. Internal controls – monitoring and reporting systems from the VASP period can serve as the foundation for an expanded compliance architecture.
For companies that already held VASP status in Lithuania, the transition to CASP is not building from scratch but a serious upgrade of existing infrastructure.
Core Compliance Expectations for Crypto Companies in Lithuania
The Bank of Lithuania expects not a formal document package but an operational model capable of meeting compliance obligations on an ongoing basis. Key areas include governance – a clear organisational structure with separation of functions and a decision-making system. Internal controls – controls covering all critical processes. AML/CTF – a comprehensive anti-money laundering and counter-terrorist financing system. Sanctions screening – checking clients and transactions against sanctions restrictions. Source-of-funds review – verification of the origin of client funds. Operational substance – genuine presence and operational readiness in Lithuania. Management quality – qualified directors capable of managing a regulated financial business.
Crypto Compliance Checklist for 2026
This is a practical checklist for non-residents preparing for CASP authorisation in Lithuania.
Corporate structure – a Lithuanian legal entity (UAB) is registered and ready for operations. Shareholders and UBO review – shareholders and ultimate beneficial owners are identified and disclosed. Source of funds – the origin of funds for capital and operations is documented. Qualified management – qualified directors, a compliance officer, and an AML officer are appointed. AML/CTF framework – customer identification, transaction monitoring, and internal reporting policies are developed and implemented. Risk assessment – a risk assessment adapted to the specifics of the crypto business is conducted. Internal controls – an internal control and reporting system is in place. Safeguarding model – the mechanism for protecting client crypto-assets and funds is defined. Outsourcing map – all outsourced functions are described, contracts are prepared, and responsibilities are allocated. IT and operational readiness – systems architecture, security policies, and a business continuity plan are documented. Licensing documents – the complete application package is compiled. Post-licensing reporting readiness – the company is prepared to fulfil post-licensing reporting and supervisory obligations.
Corporate Structure and Substance in Lithuania
For a crypto business in Lithuania, what matters is not only the incorporation documents but genuine corporate substance. This means local presence – an actual establishment where required. Governance chain – a transparent decision-making chain from shareholders through the board to the operational level. Responsible managers – individuals who genuinely make decisions and bear accountability. Documentary traceability – a documented trail of all key decisions and operations.
The era of the “thin shell crypto company” in Lithuania is definitively over. The regulator assesses not only the presence of documents but the reality of the structure behind them.
AML, Sanctions and Risk Controls
Lithuanian regulators consistently associate the crypto sector with elevated AML/TF, fraud, and sanctions risks. This shapes expectations for a crypto company’s AML infrastructure.
The practical AML stack includes onboarding and KYC – identification and verification of clients before services are provided. Transaction monitoring – real-time transaction monitoring with configured rules and triggers. Suspicious activity escalation – escalation and reporting procedures when suspicious activity is detected. Sanctions screening – automated screening of clients and counterparties against sanctions lists. Staff training – regular AML/CTF training for employees. Record-keeping – document retention in accordance with established periods.
Management, Owners and Fit-and-Proper Assessment
The CASP regime in Lithuania involves verification of the quality not only of documents but of the people behind them. The Bank of Lithuania directly addresses suitability questions in its FAQ for applicants.
The assessment covers beneficial owners and shareholders – reputation, origin of funds, absence of criminal convictions and regulatory sanctions. Directors and key function holders – qualifications, professional experience, reputation, and the ability to manage a regulated business. Collective management adequacy – the management team’s overall ability to ensure effective and safe governance of the company.
For non-residents, this means that selecting and preparing the management team is a critical stage that directly affects the outcome of the application review.
Safeguarding, Outsourcing and Operational Setup
The Bank of Lithuania’s FAQ specifically highlights safeguarding of clients’ crypto-assets and funds as one of the key assessment areas. The company must ensure reliable segregation of client assets from its own and protection against insolvency or fraud risks.
The question of outsourcing custody and administration also falls within the area of heightened scrutiny. If the company delegates critical functions to third parties, it retains full responsibility and must ensure control, reporting, and compliance of outsourcing providers with regulatory requirements.
Safeguarding and outsourcing are not secondary details – they are part of core licence readiness.
Documents Required for a CASP Application in Lithuania
The application package is compiled as a comprehensive dossier. Its structure includes the application form – a prescribed form. Programme of operations – a description of service types and target markets. Business model description – a detailed description of the business model, strategy, and financial projections. Governance and organisational chart – the organisational structure and management system. AML documentation – a complete set of AML/CTF policies and procedures. Safeguarding description – a description of the mechanism for protecting client assets. Outsourcing information – data on outsourced functions and providers. Managers’ questionnaires – questionnaires for directors and key function holders. Supporting evidence – other supporting documents as requested by the regulator.
How Long Does the Transition from VASP to CASP Take
It is important to distinguish between two concepts: having prior VASP status in Lithuania and the actual timeline for obtaining MiCA authorisation.
The Bank of Lithuania indicates a review period for a complete application of 40 business days with the possibility of extension in certain cases. However, this is the formal period from the point at which the application is deemed complete. The real end-to-end timeline includes pre-application preparation: corporate structure, governance, AML documentation, safeguarding, IT infrastructure, management team formation, and often remediation of regulator comments.
For companies that already have a Lithuanian structure and VASP experience, preparation may take less time. For non-residents starting from scratch, the process will be longer.
What Are the Main Risks for Companies That Delay Compliance
Delaying preparation creates concrete consequences. Inability to continue operations legally – from 2026 onward, operating without authorisation is illegal. Risk of being classified as an illegal financial service provider – with all attendant legal consequences. Loss of clients – users migrate to licensed providers. Problems with banks and counterparties – financial institutions refuse to work with unlicensed companies. Reputational damage – inability to confirm legal status to partners and clients.
For non-residents, every month without authorisation is a compounding legal and commercial risk.
Can Lithuania Still Be a Good Jurisdiction for Crypto Businesses in 2026
Yes, Lithuania remains relevant. The Bank of Lithuania maintains an active MiCA licensing framework, has already granted CASP authorisations, and provides a predictable process. The country’s infrastructure, access to SEPA and CENTROlink, and a well-developed fintech ecosystem create favourable conditions.
However, Lithuania can no longer be positioned as an “easy VASP jurisdiction.” The correct framing is: Lithuania is a jurisdiction for prepared, compliance-ready crypto businesses aiming at EU operations. For non-residents, the advantage lies in the regulator’s experience and access to the EU market through passporting.
How to Prepare a Crypto Business for the Lithuanian Market
The practical sequence for non-residents is as follows: analyse the business model and determine whether CASP authorisation is required. Build the Lithuanian corporate structure (UAB). Prepare AML and governance documentation. Collect documentary evidence – source of funds, ownership disclosure, management qualifications. Engage with the regulator – pre-application consultation. Prepare for ongoing compliance after authorisation – reporting, monitoring, and policy updates.
How We Help with Crypto Compliance and Company Setup in Lithuania
Company in Lithuania UAB supports non-residents at every stage of the transition from VASP to CASP. We handle the registration of the Lithuanian company (UAB), structuring of shareholders and governance, pre-licensing legal review of the business model, preparation of AML and internal documentation, coordination of the CASP application preparation and submission, and ongoing corporate and compliance support in Lithuania.
Contact Company in Lithuania UAB – our legal team will analyse your business model and help you prepare for CASP authorisation in Lithuania.