To verify whether a crypto trading platform holds a MiCA license, the essential process is to search the Crypto-Asset Service Providers (CASP) register published by the European Securities and Markets Authority (ESMA) using the legal entity name or Legal Entity Identifier (LEI), and to cross-check each authorization field. Entities not listed in the register should not be considered MiCA-authorized.
Under the MiCA EU Crypto Regulation framework, crypto-asset service providers must apply for authorization with the competent authority in an EU member state. ESMA centrally publishes this authorization information in accordance with Article 109 of Regulation (EU) 2023/1114. When the brand name, domain, and contracting entity differ, users cannot complete compliance verification using only marketing materials.
The ESMA official website’s MiCA section is the primary source for MiCA authorization information. This page offers five types of CSV files. The fourth, “Crypto-Asset Service Providers (Title V),” lists authorized CASPs; the fifth, “Non-Compliant Entities,” includes unauthorized service providers reported by regulators. Both should be referenced during verification.
ESMA publishes the data as an interim register, updated periodically with information provided by competent authorities from member states. Individual member states also maintain their own whitelists for supplementary checks, but the ESMA register serves as the unified EU index for cross-border verification.
The field description file for the ESMA interim CASP register CSV defines each column. Key fields to review are: legal entity name, LEI, trade name, home competent authority, authorization date, authorized services, passporting member states, and authorization withdrawal date (if applicable).
Authorized services for CASP Crypto-Asset Service Providers are classified according to the regulatory annex. Typical categories include custody and administration of crypto-assets, operation of a trading platform, exchange between crypto-assets and funds, exchange between crypto-assets, execution of client orders, and transfer services on behalf of clients. Service codes in the register must correspond to the platform’s actual offerings.
| Core Field | Key Verification Point |
|---|---|
| Legal Entity Name | Must match contract, privacy policy, and LEI records |
| Legal Entity Identifier (LEI) | 20-character unique ID; cross-checkable with GLEIF |
| Trade Name | User-facing brand name; may differ from legal name |
| Home Competent Authority | Full name of authorizing regulator |
| Authorization Date | Date authorization became effective |
| Authorized Services | Map each service to actual platform functions |
| Passporting Member States | EU/EEA countries where services are legally provided |
| Authorization Withdrawal Date | If present, authorization is no longer valid |
The table above summarizes the CASP register’s core fields. For example, Gate Technology Limited’s legal entity name is Gate Technology Limited, LEI is 984500D6A0F945BB5A15, home competent authority is the Malta Financial Services Authority (MFSA), authorization date is September 29, 2025, and authorized services include custody and administration, platform operation, two-way exchange, order execution, and transfer services.
A platform’s brand name, app icon, and domain are not necessarily the same as the MiCA-authorized legal entity name. First, locate the full name of the contracting entity in the platform’s legal documents, then search for this name in the ESMA CASP CSV.
If the legal documents do not disclose the entity name, try searching by LEI. Enter the LEI into the GLEIF database to retrieve the legal entity’s registered name and location, then compare with the ESMA register. Be mindful of spelling variations: differences in suffixes (e.g., Limited), punctuation, or spacing may cause search failures. It’s advisable to try all three methods—legal entity name, LEI, and trade name.
Figure 1. Seven-step MiCA CASP license verification workflow: from opening the ESMA page and downloading the CASP CSV, to searching for the legal entity, checking the LEI and competent authority, confirming authorized services and passporting member states, and cross-checking the non-compliant entities list.
The authorized service list in the register defines the types of crypto-asset business a CASP is legally permitted to conduct; this does not necessarily cover all features offered by the platform. Map each service code to the corresponding product: spot trading corresponds to platform operation and order execution; fiat on/off ramp to exchange between crypto-assets and funds; wallet custody to custody and administration; on-chain transfers to transfer services.
Some CASPs are only authorized for specific services. Before using features such as leverage, derivatives, staking, or wealth management, confirm that these are within the authorized scope listed in the register. Gate Technology Limited’s MFSA authorization covers custody, platform operation, two-way exchange, order execution, and transfer services. For any features beyond this scope, verify the providing entity separately.
MiCA authorization uses a single passport mechanism: after a CASP is authorized by its home competent authority, it can notify and offer services in other EU and EEA member states. The MiCA passporting mechanism explains the notification process and coverage; the “Passporting Member States” field in the ESMA register lists all countries where services are legally permitted.
Verify that the user’s country appears in this list. Gate Technology Limited’s passporting list covers 27 EU countries and 3 EEA countries, totaling 29 member states. Passporting does not mean global compliance; countries not listed require compliance with local laws and regulatory frameworks. The list of licensed crypto exchanges in Europe provides a reference for major authorized entities.
Crypto trading platforms typically use a unified brand for global users, but MiCA authorization is tied to a specific legal entity. The same brand may have multiple regional entities, each subject to their own jurisdiction’s regulatory requirements.
Gate’s EU business is operated by Gate Technology Limited, which is authorized under MiCA by the MFSA and registered with ESMA. Contracting entities in other jurisdictions may be separate legal entities, and their regulatory status is not automatically linked to MiCA authorization.
Figure 2. Structural differences between MiCA licensed legal entities and global brand entities: legal entity name, LEI, competent authority, and authorized services are listed in the ESMA register, while the brand name and app icon may not match the licensed entity.
Common errors in MiCA license verification can all be avoided by consulting the ESMA register.
| Common Mistake | Actual Situation |
|---|---|
| Brand name equals licensed entity | Must verify legal entity name and LEI; trade name is only supplementary |
| “MiCA compliant” on marketing is proof of authorization | Only ESMA-listed authorizations are valid |
| Passporting covers the globe | Passporting is limited to 27 EU and 3 EEA countries |
| Authorization covers all crypto business | Each item in the authorized service list must be verified |
| Legacy license during transition equals MiCA | Transition rules vary; MiCA authorization record is definitive |
The table above lists five common mistakes. Information from marketing pages, social media, or third-party aggregators cannot replace ESMA register verification. If an entity appears in the “Non-Compliant Entities” CSV, treat it as an unauthorized service provider flagged by regulators.
The repeatable MiCA license verification process is: open the ESMA MiCA section → download the CASP authorization CSV → search by legal entity name or LEI → check the home competent authority and authorization date → review the authorized service list → confirm passporting member states → cross-check the non-compliant entities list. Gate Technology Limited (MFSA, September 29, 2025) can be used as a reference: legal entity name, LEI, six authorized services, and passporting to 29 countries can all be individually verified in the register. Always distinguish between licensed legal entities and global brand entities; MiCA protections only apply to the authorized entities, services, and passporting countries listed in the register.
Download the “Crypto-Asset Service Providers” CSV from the ESMA MiCA section and search using the legal entity name or LEI disclosed in the platform’s legal documents. If a matching record exists and the authorization withdrawal date is blank, the entity holds a MiCA license; if not, it is not licensed. Also check the “Non-Compliant Entities” CSV to exclude unauthorized service providers.
The ESMA register is available on the official ESMA website’s MiCA section. The page provides five CSV download options: the fourth for authorized CASPs, the fifth for non-compliant entities. Data is updated periodically based on member state submissions.
MiCA authorization is tied to the legal entity (e.g., Gate Technology Limited), not the user-facing brand name (e.g., Gate). The same brand may be operated by multiple legal entities across regions; only the legal entity, authorized services, and passporting countries listed in the register are subject to MiCA. Verification should be based on the contracting party in the legal agreement and the ESMA register.
Authorized services are classified according to the MiCA regulation annex and typically include custody and administration, operation of a trading platform, crypto-asset exchange, order execution, and transfer services. Each item in the register corresponds to a business type the CASP is legally permitted to conduct; platform features outside this scope are not covered by MiCA authorization.
The passporting member states field lists the EU and EEA countries where a CASP can legally provide services under the MiCA single passport mechanism. After home country authorization, a CASP can notify and operate in other member states. Users must ensure their country is included in this field to receive MiCA consumer protection and compliance benefits.
Common mistakes include: searching by brand name instead of legal entity, equating “compliant” claims on marketing pages with ESMA authorization, ignoring the authorized service list, assuming passporting is global, and failing to check the non-compliant entities list. The correct approach is to use the ESMA CASP CSV as the authoritative source, cross-check with the LEI, and verify the contracting entity with the platform’s legal documents.





