How to Get a Web3 Game Developer License: Step-by-Step (2026)

There is no single “Web3 game license.” What you need depends on what your game does. For most Web3 game studios serving EU players, the relevant authorisation is a CASP (Crypto-Asset Service Provider) license under the EU’s MiCA regulation. This guide walks through exactly how to get one.

First: What Kind of License Does a Web3 Game Actually Need?

The term “web3 game developer license” doesn’t map to a single official document. Different features trigger different regulatory requirements:

• Custodial wallets (you hold player assets) → CASP license, custody service
• In-game NFT or token marketplace → CASP license, trading platform operation
• Player token withdrawals → CASP license, transfer service
• Token rewards with real market value → Likely CASP scope depending on structure
• Purely internal game currency, no withdrawal → Generally outside CASP scope

If your game triggers any of the first four, you need CASP authorisation under MiCA to legally serve EU players. Here’s how to get it.

Step 1: Audit Your Game Mechanics

Before you contact a lawyer or a regulator, map every feature in your game against the list of CASP-regulated services defined in MiCA Article 3(1)(16).

Go through each feature:

• Does it involve holding crypto-assets on behalf of players?
• Does it allow player-to-player trading of tokens or NFTs?
• Does it allow token withdrawals to external wallets?
• Does it allow token-to-fiat or token-to-token exchange inside the game?

Anything that answers yes is a regulated service. Document it. This list becomes the foundation of your CASP application. Regulators will ask exactly these questions.

If you’re unsure how to classify a mechanic, this is the right moment to bring in a crypto regulatory lawyer. The audit itself doesn’t require one, but interpreting edge cases does.

Step 2: Choose Your Jurisdiction

MiCA is an EU-wide regulation, but CASP applications are submitted to the national competent authority (NCA) of the member state where your legal entity is incorporated. Common choices:

Estonia (Finantsinspektsioon): Historically the fastest and most digitised application process. Known for straightforward procedures and reasonable timelines. Well-suited for studios with lean compliance teams.

Lithuania (Bank of Lithuania): Similar to Estonia: tech-friendly regulator, established track record with crypto firms.

Germany (BaFin): Strict, thorough, and slow. Suitable if your studio is already German-incorporated or if you have the legal capacity to handle a demanding process.

France (AMF): Proactive in publishing MiCA guidance. Timeline is longer than Estonia but the AMF has been clear in its communications.

Sweden (Finansinspektionen): The home jurisdiction for Triolith Games AB. Solid regulator, somewhat slower process than Estonia.

For most studios starting from scratch, Estonia or Lithuania give the fastest path to authorisation.

Note: you don’t have to serve customers from the country where you’re licensed. One CASP license from Estonia passports across all 27 EU member states.

Step 3: Prepare Your Legal Entity and Documentation

MiCA requires a legal entity incorporated in an EU member state. A non-EU holding company does not qualify. If your studio is currently only incorporated outside the EU (US, UK, Singapore, etc.), you’ll need to set up an EU subsidiary first.

Required documentation typically includes:

• Articles of association for the EU entity
• Ownership structure and UBO (Ultimate Beneficial Owner) disclosures
• Business plan with projected financials
• Description of all regulated services you intend to provide
• Governance structure document (who is responsible for compliance decisions)
• Internal policies: AML policy, conflicts of interest policy, complaints procedure, cybersecurity framework, business continuity plan

Most national regulators publish templates or checklists. Download them from your target NCA’s website before you pay a lawyer to draft from scratch.

Step 4: Appoint Required Personnel

This is the part most studios underestimate. MiCA requires qualified people in specific roles before you can be authorised. You cannot submit the application and hire later.

Compliance officer: Responsible for your overall MiCA compliance programme. Must meet the regulator’s fit-and-proper requirements. Relevant experience in financial services or regulatory compliance is expected. Budget €80,000–€120,000 per year.

AML officer (MLRO): Responsible for the anti-money laundering programme. Must also meet fit-and-proper requirements. Can sometimes be the same person as the compliance officer if the NCA permits it, but this needs confirming with your chosen regulator.

Board-level governance: MiCA requires that at least two individuals effectively direct the business. The regulator will assess whether your leadership team has sufficient experience and good repute.

For studios that can’t afford two full-time compliance hires before launch, the licensed platform model (covered in the shortcut section below) removes this requirement entirely.

Step 5: Submit the CASP Application

Once your entity is structured, your documentation is complete, and your personnel are in place, you submit the application to your chosen NCA.

The application package typically runs to hundreds of pages once all policies, disclosures, and governance documents are included. It’s not unusual for the preparation phase to take 3–6 months with an experienced legal team.

After submission, the NCA has 40 working days to assess whether the application is complete. If they request additional information, the clock pauses. Once deemed complete, they have a further 40 working days to grant or refuse authorisation.

Realistic timeline from preparation start to authorisation: 6–12 months. Some studios in straightforward jurisdictions complete it faster; others with complex service models take longer.

Step 6: Ongoing Obligations Once Licensed

Authorisation is not the end of the process. Licensed CASPs have continuous obligations:

Annual reports to the NCA confirming ongoing compliance with capital requirements, personnel requirements, and policy standards.

Suspicious activity reports (SARs): Any transaction that triggers your AML monitoring as potentially suspicious must be reported to the financial intelligence unit in your jurisdiction. In most EU countries this is an automated reporting obligation, not a discretionary one.

Incident reporting: Significant operational incidents (security breaches, system failures affecting clients) must be reported to the NCA within defined timeframes.

Capital monitoring: Your minimum capital requirement must be maintained at all times. If it falls below the threshold, the NCA must be notified immediately.

Policy reviews: Your AML policy, cybersecurity framework, and governance documents must be reviewed at least annually, and updated when regulations or your business model change.

Token listing reviews: If you add new token types to your marketplace, each addition may require assessment against MiCA’s asset classification rules.

The Shortcuts: Two Faster Paths

If the 6–12 month timeline and €500K–€1M year-one cost aren’t workable for your studio’s launch schedule, there are two faster alternatives.

White-label or distribution arrangement. MiCA explicitly permits a non-licensed entity to offer services under its own brand, provided an authorised CASP takes regulatory responsibility for those services. In practice this means finding a licensed CASP willing to enter a formal distribution agreement — the CASP covers your regulated activity under their authorisation, and you operate as a distributor. This is a contractual path, not a technology integration.

Building on a licensed platform.

Some platforms are building toward holding their own CASP authorisation and making it available to studios through API integration. Triolith Games AB’s Genesis Engine is pursuing this model, with CASP authorisation in progress with Finansinspektionen in Sweden. Instead of applying for your own license, your game would operate under the platform’s licensed infrastructure.

The trade-off is a platform fee rather than a flat compliance infrastructure cost — the structure varies by provider. There’s no application process, no required compliance hire, no capital lockup, and no multi-month wait.

This is structurally identical to how small software companies accept payments through Stripe instead of applying for their own payment institution license.

Timeline and Cost Summary

Stage	Solo CASP	Licensed Platform
Legal setup	1–3 months, €30K–€100K	None
Entity incorporation	1–2 months (if new EU entity needed)	None
Personnel hiring	2–4 months, €160K–€240K/year	None
Application preparation	3–6 months, €50K–€150K legal fees	None
Regulator review	3–6 months	None
Capital lockup	€50K–€150K+ (locked, not operational)	None
Total time to launch	6–12+ months	Weeks
Year-one cost	€500K–€1M	Platform fee (varies by provider)

FAQ