Do Crypto Companies Need a License to Operate in France?

Yes, they do. Any company offering crypto services in France must obtain authorization as a Crypto-Asset Service Provider (CASP). This requirement comes from the EU’s MiCA (Markets in Crypto-Assets) regulation, which applies across all member states. Without this license, a crypto business is not allowed to legally operate or serve customers in France.

What is MiCA and Why is it Important?

MiCA is a European regulation that standardizes crypto rules across the EU. It ensures that all crypto firms follow the same requirements for transparency, security, and consumer protection. For businesses, this means one license can allow them to operate across the EU – but only if they meet strict compliance standards.

What Happens if a Crypto Company Doesn’t Comply?

If a company fails to get a CASP license before the deadline, it must stop operating in France. Regulators have made it clear that non-compliant firms may face shutdowns, fines, or even legal penalties.

How Can Crypto Firms Stay Compliant Long-term?

Compliance is ongoing, not a one-time task. Companies must: Continuously monitor transactions Update AML/KYC procedures Report suspicious activities Maintain strong internal controls Many firms rely on third-party tools like ours for identity verification and fraud prevention to stay aligned with evolving regulations.

PSAN Requirements for French Crypto Firms

France has long positioned itself as one of the more crypto-forward countries in Europe. While other EU member states were still debating how to approach digital assets, France was already building a dedicated regulatory framework. That ambition gave birth to the PSAN requirements – and for crypto firms operating in the country, understanding what it demands is no longer optional.

If you are running a crypto exchange, offering custody services, or building a platform that converts digital assets to fiat, the PSAN requirements framework directly impacts how your business operates.

What Is a PSAN, Exactly?

PSAN stands for Prestataire de Services sur Actifs Numériques – or Digital Asset Service Provider in English. The status was created under France’s PACTE Law of 2019, making France one of the first EU countries to establish a formal licensing framework for crypto businesses.

Since January 1, 2020, any company looking to offer the following services must register with the Autorité des Marchés Financiers (AMF) – France’s financial markets authority:

Purchase and sale of crypto assets against legal tender
Custody of digital assets on behalf of clients
Trading of digital assets for other digital assets
Operation of a crypto trading platform

Operating without registration is not just risky from a reputational standpoint; it also carries criminal penalties of up to 2 years in prison and fines of up to €30,000.

By late 2025, roughly 117 PSANs were registered with the AMF. That number might sound manageable, but it is only a fraction of total applications – the AMF rejects or pushes back on many filings, which says a lot about how seriously it takes the review process.

The Two-Tier Registration Structure

One thing that often catches firms off guard is that registration under the PSAN requirements is not a single-tier process. There are two distinct levels, and understanding the difference matters.

Simple registration was the original entry point – a lighter-touch process for firms that applied before certain transition deadlines. Companies that obtained simple registration before January 1, 2024, are grandfathered under those original rules. However, this path is now effectively closed for new applicants.

Enhanced registration (enregistrement renforcé) became mandatory from January 1, 2024, for any new provider wanting to offer the four core digital asset services: custody, crypto-to-fiat exchange, crypto-to-crypto trading, and operation of a trading platform. Enhanced registration aligns with MiCA requirements and comes with significantly more demanding compliance obligations.

There is also an optional licensing tier (agrément), which goes beyond enhanced registration. Licensed DASPs must maintain either professional indemnity insurance or a minimum level of own funds, have higher capital buffers depending on the services offered, and demonstrate stronger governance frameworks. The trade-off? Licensed status positions a firm as a more credible market player and smooths the path to MiCA authorization.

Related: [Understanding KYC and MiCA]

Core Compliance Obligations Under the PSAN Framework

What does it actually take to meet PSAN requirements?

AML/CFT Compliance

Anti-money laundering and counter-terrorism financing (AML/CFT) obligations are at the heart of PSAN registration. French PSANs must implement robust KYC procedures for all customers, conduct ongoing transaction monitoring, and report suspicious activity to TRACFIN – France’s financial intelligence unit.

This is where many firms underestimate the workload. AML obligations do not stop at onboarding. They require continuous screening against sanctions lists, politically exposed persons (PEP) databases, and adverse media – a level of ongoing vigilance that demands both the right tooling and internal processes to back it up.

Firms dealing with institutional clients or corporate counterparties face an additional layer of scrutiny. KYB verification – the process of validating the legal identity, ownership structure, and beneficial ownership of business clients – is increasingly expected as part of enhanced due diligence. For any crypto platform onboarding other companies, exchanges, or investment vehicles, skipping this step creates serious regulatory exposure.

Cybersecurity Requirements

The AMF published dedicated cybersecurity requirements for DASPs through Instruction DOC-2019-24, which was later updated to reflect enhanced registration standards. These cover areas such as data protection, system resilience, incident response, and access controls.

Cybersecurity is not often the first thing compliance teams think about when preparing a PSAN application, but it’s a meaningful chunk of what the AMF evaluates. The regulator wants to see that firms have thought through how they protect client assets and data – not just on paper, but in practice.

Governance and Fit-and-Proper Tests

The people running a PSAN matter. Key officers and board members are subject to fit-and-proper assessments, and the AMF will scrutinize the professional background, qualifications, and integrity of anyone in a leadership role. Firms with convoluted ownership structures or unclear beneficial ownership chains tend to face lengthy back-and-forth with the regulator.

Financial Resources

Capital requirements vary depending on which services a firm offers and whether it pursues enhanced registration or full licensing. At a minimum, there must be sufficient own funds to cover operational risks and, for licensed DASPs, either professional indemnity insurance or a prescribed capital floor.

PSAN and the MiCA Transition

Here’s where things get particularly important for 2025 and 2026. The EU’s Markets in Crypto-Assets (MiCA) regulation became fully applicable across all member states on December 30, 2024. With that, MiCA effectively replaced the national PSAN requirements regime as the primary authorization framework for new crypto service providers in France.

New providers entering the French market can no longer apply for registration under the PSAN requirements; they must seek authorization directly as a Crypto-Asset Service Provider (CASP) under MiCA.

For existing PSANs registered or authorized before December 30, 2024, France established an 18-month transitional period. These firms can continue operating under their existing PSAN status until July 1, 2026, or until they receive (or are refused) MiCA authorization – whichever comes first. Crucially, during this period, firms are limited to the service scope originally approved under their PSAN requirements registration.

The upside of MiCA authorization is significant: approved CASPs gain EU passporting rights, allowing them to offer services across all 27 member states without needing separate national licenses. For French crypto firms with European ambitions, this is a meaningful incentive to pursue authorization proactively rather than waiting until the last minute.

Most firms should budget three to six months for the transition, depending on how well-documented their existing compliance infrastructure is. Given that the deadline is July 1, 2026, firms without a clear migration plan are already running behind.

What Gets Applications Rejected?

The AMF’s rigorous review process means many applications do not make it through on the first attempt. The most common failure points include:

Incomplete AML/CFT documentation. Vague policies that don’t describe actual procedures in detail are a red flag. The AMF wants to understand precisely how a firm identifies its customers, screens for risks, monitors transactions, and escalates concerns.
Unclear beneficial ownership. Firms that can’t clearly demonstrate who ultimately owns and controls the business – down to ultimate beneficial owners (UBOs) holding 25% or more – tend to face significant pushback. This is particularly true for firms with multi-layered corporate structures or international parent companies.
Inadequate cybersecurity governance. Submitting a generic IT security policy without evidence of actual implementation rarely passes muster.
Weak financial projections. The AMF looks at whether a firm’s capital base is proportionate to its intended activities. Underestimating operating costs or overstating revenue projections in the business plan raises questions about viability.

Preparing for What Comes Next

For crypto firms operating in or entering the French market, the message is clear: compliance is not a checkbox. The PSAN requirements framework – and now MiCA – demands that AML programs, identity verification processes, and governance structures are genuinely fit for purpose, not just technically present.

Firms that built strong compliance foundations under PSAN will find the MiCA transition far more manageable. Those who treated registration as a formality are likely to find the coming months uncomfortable.

Conclusion

The shift from a national licensing regime to an EU-wide one also changes the competitive landscape. With passporting rights on the table, French PSANs that successfully complete MiCA authorization won’t just be compliant – they’ll be positioned to scale across the entire European single market.

That is a significant prize. But it requires investing in compliance infrastructure that can hold up under observation, not just today, but as regulatory expectations continue to evolve.