MiCA for Crypto Service Providers: The Compliance Stack
MiCA puts crypto-asset service providers under a single EU rulebook — with hard obligations for customer due diligence, AML screening, and the Travel Rule. Here is the compliance stack that satisfies them, on one API.
The Markets in Crypto-Assets Regulation (MiCA) ended the patchwork. Where crypto businesses once navigated 27 different national regimes, MiCA gives the EU one rulebook and one passportable authorisation for crypto-asset service providers (CASPs). The trade for that single market is a defined set of obligations — and several of them land squarely on identity, anti-money-laundering, and the movement of funds between wallets.
This guide breaks down the CASP obligations that touch identity and fraud, then maps each one to the concrete checks that satisfy it — KYC, AML screening, the FATF Travel Rule, and on-chain wallet screening — all on one API with published prices.
Key takeaways
- MiCA gives CASPs one passportable EU authorisation in exchange for harmonised obligations on customer due diligence, market abuse prevention, and operational resilience.
- The AML obligations sit alongside MiCA, in the EU's Transfer of Funds Regulation and the AML framework — including the Travel Rule for crypto transfers, with no de minimis threshold.
- KYC at $0.33 for the core onboarding bundle (ID verification, passive liveness, face match, IP analysis) gives every CASP a compliant onboarding flow with sub-2-second verification.
- AML screening at $0.20 per check against 1,300+ watchlists, with ongoing monitoring at $0.07 per user per year, covers sanctions, PEP, and adverse-media obligations.
- The Travel Rule and wallet screening are built into transaction monitoring — originator/beneficiary exchange across TRISA, TRP, and OpenVASP, plus on-chain risk screening from $0.02 per screening (bring-your-own-key).
- Everything runs on the unified
/v3/API — one provider, one integration, public pricing on every module.
What MiCA requires of CASPs
MiCA defines a CASP as any firm providing crypto-asset services — custody, exchange, operation of a trading platform, transfer services, and more — and requires authorisation from a national competent authority before operating. Authorisation comes with continuing obligations. The ones that touch an identity-and-fraud stack are:
- Customer due diligence (CDD). CASPs are obliged entities under the EU AML framework and must identify and verify customers before providing services, on a risk-sensitive basis.
- Sanctions and PEP screening. Customers and, where relevant, counterparties must be screened against sanctions lists, and politically exposed persons must be identified and subject to enhanced measures.
- The Travel Rule. Under the EU Transfer of Funds Regulation, CASPs must collect, verify, and transmit originator and beneficiary information for crypto transfers — the crypto application of the FATF Travel Rule.
- Ongoing monitoring. Obliged entities must monitor the business relationship and transactions on an ongoing basis, not just at onboarding.
- Operational resilience. CASPs also fall under DORA, which adds ICT risk-management and third-party-resilience obligations.
Why it matters
MiCA is not a soft framework. Authorisation is a gate: a CASP that cannot evidence compliant onboarding, screening, and Travel Rule handling does not get to passport across the EU — and an authorised CASP that lets those controls slip risks enforcement. At the same time, crypto onboarding is intensely competitive on conversion. A flow that is compliant but slow loses users at signup.
The stack that wins, then, is one that satisfies every MiCA-adjacent obligation and keeps onboarding fast and cheap. Stitching that together from separate KYC, AML, Travel Rule, and wallet-screening vendors is exactly the operational tax MiCA's single rulebook was meant to reduce — and it is avoidable.
How Didit helps
Didit covers the identity-and-fraud obligations of a CASP on one API, with a published price on every module.
Customer due diligence — KYC at $0.33. The core onboarding bundle pairs ID verification, passive liveness, face match (1:1), and IP analysis for $0.33 per verification, with sub-2-second inference and 200+ fraud signals. It covers 220+ countries and 14,000+ document types — the global reach a passportable CASP needs. NFC chip reading is available at $0.15 for the highest assurance on supported documents.
Sanctions, PEP, and adverse-media screening — AML at $0.20. AML screening runs against 1,300+ watchlists at $0.20 per check, using a two-score model: a match score (name, date of birth, country) and a risk score (category, country, criminality). PEP detection covers levels 1–4 plus relatives and close associates (RCA). For the ongoing-monitoring obligation, daily rescreening costs $0.07 per user per year.
The Travel Rule — built in. The FATF Travel Rule is part of Didit's transaction monitoring: originator and beneficiary data exchange across the TRISA, TRP, and OpenVASP protocols, with six dedicated statuses (UNKNOWN, COMPLIANT, PENDING_ACTION, PENDING_COUNTERPARTY, FAILED, EXEMPT) so every transfer's compliance state is explicit and auditable.
Wallet screening — on-chain risk from $0.02. Crypto transfers can automatically trigger on-chain wallet screening, scoring counterparty addresses 0–100 (LOW/MEDIUM/HIGH/CRITICAL) against 14+ source-of-funds categories — sanctioned entities, ransomware, darknet markets, mixers, stolen funds, and more. Bring-your-own-key with Crystal or Merkle Science runs at $0.02 per screening.
Ongoing monitoring — one engine. Transaction monitoring scores fiat and crypto movements in real time at $0.02 per transaction against 11 built-in rule bundles (including AML/CTF, crypto monitoring, and crypto screening), with built-in case management and a SAR workflow.
Deep dive: mapping the obligation to the check
| MiCA / EU AML obligation | Didit module | Price |
|---|---|---|
| Identify and verify customers at onboarding | KYC core bundle (ID + liveness + face match + IP) | $0.33 / verification |
| Highest-assurance document authentication | NFC chip reading | $0.15 |
| Screen customers against sanctions and PEP lists | AML screening (1,300+ lists, two-score) | $0.20 / check |
| Monitor the relationship on an ongoing basis | Ongoing AML monitoring (daily rescreen) | $0.07 / user / year |
| Transmit originator/beneficiary data for transfers | Travel Rule (TRISA / TRP / OpenVASP) | included in transaction monitoring |
| Assess counterparty wallet risk | Wallet screening (Crystal / Merkle Science) | from $0.02 BYOK |
| Detect suspicious transaction patterns | Transaction monitoring (11 rule bundles) | $0.02 / transaction |
Because all of these run on the unified /v3/ API, the obligations compose: a customer is onboarded with KYC, screened with AML, and then every crypto transfer they make is monitored, Travel-Rule-checked, and wallet-screened — without a second integration.
Use cases
- Exchanges and trading platforms authorising under MiCA that need compliant onboarding plus Travel Rule and wallet screening on transfers.
- On/off-ramps that must verify customers fast at signup and screen counterparty wallets on every fiat-to-crypto movement.
- Custody and wallet providers needing CDD, ongoing monitoring, and source-of-funds analysis under one contract.
- Crypto firms passporting across the EU that want one provider whose coverage spans every member state they serve.
Frequently asked questions
Does MiCA include the Travel Rule?
The Travel Rule for crypto sits in the EU Transfer of Funds Regulation, which applies to CASPs alongside MiCA. There is no de minimis threshold for crypto transfers, so originator and beneficiary information must be handled for transfers regardless of value. Didit builds Travel Rule handling into transaction monitoring.
What KYC does a CASP need under MiCA?
CASPs are obliged entities and must perform customer due diligence — identify and verify customers before providing services, on a risk-sensitive basis. Didit's core KYC bundle (ID, liveness, face match, IP) at $0.33 covers this, with NFC available for the highest assurance.
How does Didit handle sanctions and PEP screening?
AML screening checks customers against 1,300+ watchlists at $0.20 per check, using a match score and a risk score, with PEP levels 1–4 and relatives/close associates. Ongoing monitoring rescreens daily at $0.07 per user per year.
Can I screen counterparty wallets?
Yes. Crypto transactions can trigger on-chain wallet screening that scores addresses against 14+ source-of-funds categories. Bring-your-own-key with Crystal or Merkle Science is $0.02 per screening.
Is everything on one API?
Yes. KYC, AML, Travel Rule, wallet screening, and transaction monitoring all run on the unified /v3/ API with published pricing on each module.
Ready to get started?
See Didit's compliance posture and certifications on the security and compliance hub, explore the crypto-focused setup on the Travel Rule solution page and the Transaction Monitoring product page, and review per-module pricing on the pricing page. When you're ready, start free — 500 free KYC checks every month, and the full MiCA stack on one API.