Licensing Playbook - Chapter: choosing the right EEA member state to license in.
How to Choose Your EEA Fintech Jurisdiction (Without Regretting It)
Most founders I meet have already chosen the EEA before we talk: passporting, a single market of roughly 450 million people, and the weight an EU authorization carries make that call for them. The real decision is which member state - and the states are not interchangeable. Rank them on where the regulator draws the line between what a payment institution is compared to an electronic money institution, substance, speed, banking access, and cost.
*As of 2026, under the EU's PSD2 and EMD2 passporting framework.*
Why Founders Pick the EEA - and Where the Real Decision Starts
The EEA's case makes itself: license once, sell almost everywhere in Europe. Under PSD2/EMD2 (Directive (EU) 2015/2366), a payment or e-money institution authorized in one EEA member state can provide services across all 30 EEA states through passporting notifications rather than fresh applications - a market of roughly 450 million people from a single authorization. And there is a softer reason founders rarely say out loud but always weigh: an EU authorization reads well. Banks, investors, and enterprise counterparties treat it as a mark of seriousness.
Here is what that framing hides. "One market" is where the sameness ends. The directives are the same in all 30 states; the regulators reading them are not. Where the payment-services perimeter sits, how much substance is expected, how long the queue runs, how partner banks respond to the home flag - all of that varies country by country.
So the question this chapter answers is not "should we license in Europe" - for most of the founders in my calendar, that is already settled. It is "which member state," and that one deserves a framework, because it sets your capital bill, your hiring plan, your timeline, and your banking options for years, and it lands before you write a line of product code.
The Criteria That Separate EEA Member States
Inside the EEA, the criteria that matter are the ones that differ between member states: the license your product needs and where the local regulator draws its perimeter, the regulator's style and substance expectations, then cost, timeline, and banking access. Capital will not separate them - the floors are set by the directives, not the country.
Criterion one - license type, and where the local line sits. Decide what permission your product needs before you look at any country. If you hold customer balances you generally need an e-money institution (EMI) license; if you only move money, a payment institution (PI); crypto-asset services point to a CASP authorization. But note - and this surprises founders every time - the boundary between PI and EMI is not read identically across the EEA. More on that below, because it can change your capital requirement by a factor of nearly three.
Criterion two - regulator style and substance. Every credible EEA regulator now expects real local presence: directors, compliance staff, decision-making in the country. What differs is degree and temperament, and this is where the member states stop being interchangeable. Four contrasts from our own practice, offered as observations rather than league tables:
The Netherlands remains one of the strongest EU options for payment and e-money institutions. The DNB is demanding and documentation-heavy (which makes the preparation process relatively expensive) - and in exchange the license carries real weight with banks, investors, and enterprise clients. The part that surprises founders, given the regulator's standards, is that the local substance threshold can be very low by European standards: in practice, a firm may be able to start with a lean local team of around two people. The process can also be relatively efficient, and the regulator communicates in English and accepts most documentation in English.
Malta is also an English-speaking jurisdiction and a natural fit for crypto-related business models - but its appeal is broader than crypto. Malta has deep experience with gambling, investment services, and financial-sector structures, which makes it a natural home for companies operating at the intersection of payments, crypto, gambling, or investment-related products, and it offers direct SEPA access, which can be an important infrastructure advantage. The trade-off: substance expectations are materially higher than in the Netherlands, while the license carries significantly less banking prestige than a Dutch authorization.
Spain is the balanced middle-ground option. It offers one of the largest domestic markets in the EU, a strong and broad labor market, and salary levels below the Netherlands. The Banco de España is not usually the fastest regulator, but Spain can still be attractive where you want a credible EU license, a real local market, and a more balanced cost profile.
Latvia has become a serious Baltic alternative. The regulator is open to direct pre-application dialogue, operating costs are lower, and Latvia now offers native SEPA access - similar in practical importance to the Centrolink infrastructure that previously made Lithuania especially attractive for fintechs. Founders who assumed Lithuania was the only Baltic option should look again.
Criterion three - capital, which will not decide this for you. Initial capital is regime-driven, not country-driven. An EMI carries a minimum initial capital of €350,000 under EMD2 (Directive 2009/110/EC, Art. 4); a PI carries €20,000, €50,000, or €125,000 depending on services under PSD2, Art. 7. Those floors are identical in Vilnius, Amsterdam, and Valletta. What varies is everything around them: advisory cost, salaries, regulator fees - and which license the local regulator thinks your product needs in the first place.
Criteria four through six - cost, timeline, banking access. Only after the first three do regulator fees, advisory cost, and review speed matter - and finally, whether you can actually open accounts and reach SEPA or SWIFT from that base. Banking access is the criterion founders rank last and regret first. Passporting, by the way, used to sit high on this list when the decision was global; inside the EEA it drops out entirely, because every member state passports the same.
EU initial capital by license type
| License | Initial capital | Basis |
|---|---|---|
| EMI (e-money institution) | €350,000 | EMD2, Art. 4 |
| PI (payment institution) | €20,000 / €50,000 / €125,000 depending on services | PSD2, Art. 7 |
These are regulatory floors, not operating budgets; initial capital is set by the license, not the country - the floors are identical across EEA member states.
The Same Product, a Different License: Where the PI/EMI Line Moves
The least-discussed difference between EEA member states is where the regulator draws the line between a payment institution and an e-money institution - the same product can be a PI in one country and an EMI in another. This is not the directive changing; it is national regulators reading the same perimeter differently, and it is worth a pre-application conversation before you commit anywhere.
The two extremes we see in Advapay's licensing practice: in Poland, the KNF has in practice allowed a remarkably broad range of payment models to run under a PI authorization - the significant carve-out being issuing e-money in a form of stablecoins. In Lithuania, the Bank of Lithuania tends toward the opposite reading: where a company opens client accounts or holds balances for customers, expect to be steered to an EMI, whatever your own perimeter analysis says.
The consequence is concrete. The same wallet-adjacent product might file as a PI with €125,000 of initial capital in one member state and as an EMI with €350,000 in another - with a different safeguarding setup to match. I flag this as an observation from practice, not a statement of law: perimeter readings evolve, and the only answer that counts is the one your target regulator gives you in writing. Ask the question early; it is one of the cheapest pieces of diligence in the whole process.
Weighing the Criteria When They Conflict
Criteria pull against each other, and the weighting rule I give founders is simple: cheap-and-fast loses to credible-and-scalable, because regulators, banking partners, and investors all read your choice of home. A member state that approves quickly but carries a weaker reputation can cost you later, when a correspondent bank takes one look at the home flag and declines to onboard you.
Realistic timelines show why speed is a criterion to weight carefully. End-to-end EU EMI and PI authorization typically runs around 9-18 months depending on file quality and regulator load - a range, not a clock. A regulator advertising a short statutory determination period does not help if its queue is long or its expectations are high, and a faster approval is worth little if banking partners then hesitate.
There is also the question of banking relationships. A well-regarded home regulator makes banking relationships smoother across the EEA; a base chosen purely on speed can narrow your partner options. The honest weighting from practice: optimize for the market you are scaling into and the partners you need, not for the lowest sticker price on authorization.
Founders want me to rank jurisdictions on price. I make them rank the criteria instead - start with the market they have to win and who has to say yes to them, the regulator and the banks, and keep cost near the bottom of the list. Weight the decision that way and the right home tends to pick itself; weight it on the filing fee and you back into the wrong one.
Where the Framework Breaks: Scoring on Cost
The framework breaks in one predictable way - founders weight cost first and treat substance, banking access, and reputation as afterthoughts. A founder came to us not long ago with an authorization already in hand, chosen - he admitted it himself - because it was the cheapest row on his comparison spreadsheet. The license was real. What he could not get, a year later, was a safeguarding account any partner bank would open, and the fix cost him more than the difference between the cheapest and the most expensive option on that original spreadsheet.
His case was not unusual. Three errors recur: underestimating substance - assuming a registered address and a remote director satisfy a regulator that expects local management and genuine operations. Ignoring banking access - securing a license, then finding no partner bank will open the accounts needed to move money. Licensing for today's MVP rather than the three-year roadmap, then needing a second authorization when the product adds a wallet or a new market. Advapay has supported 100+ licensing processes, and the pattern holds: the costly mistakes are strategic, made at the selection stage, not clerical ones made later in the file.
To be fair to the spreadsheet founders: at seed stage, cost pressure is real, and I am not going to pretend the fee schedule doesn't matter. It does - fourth or fifth on the list, not first. Score the framework against where you are going, not where you start.
Running the Framework as One Launch
Advapay runs this framework as the first workstream of a launch, then carries it through licensing, the core banking platform, and banking access so the entity actually operates - not just exists on paper. That one-stop framing matters here because every criterion in the framework touches all three at once.
On the licensing side, Advapay's fintech consulting practice helps map the license to the product, shortlist member states against perimeter and substance, prepare the business, IT, and compliance documentation, communicate with the regulator, and recruit the local team. For comparing the options country by country, our comparison of EU fintech jurisdictions and the EMI and payment institution licensing hub lay out what each market requires.
The point of scoring the framework well is that everything downstream - the platform, the banking partners, the second market - gets easier. Advapay covers the regulated entity, the Macrobank platform, and banking access as one launch, so the member state you choose is one you can actually build on.
Questions Founders Actually Ask
Which EEA country is cheapest for a fintech license?
There is no single cheapest answer, because initial capital is set by the license (EMI €350,000; PI €20,000-€125,000), not the country. Country-level differences are mostly advisory cost, regulator fees, and local salaries - and the cheapest filing fee often comes with weaker banking access or a tougher reputation, so the lifetime cost can be higher.
Which EEA country is fastest to license in?
Speed depends more on file quality and the regulator's queue than on the country. EU authorizations broadly run 9-18 months end to end. A short advertised statutory period does not guarantee a fast real-world approval.
Do I really need local substance?
Yes. Regulators across the EEA expect genuine local management, compliance presence, and decision-making in the country. A registered address with no real operations is a common reason applications stall.
Can I just license in one country and serve the whole EU?
Within the EEA, yes - passporting lets you serve all member states from one authorization. Outside the EEA (the UK, Canada, the US), you need separate registration in each, since the EU passport does not reach them.
Can I onboard European clients as a Swiss SRO member or a Canadian MSB?
Not through active marketing or solicitation into the EEA. Swiss SRO membership and Canadian MSB registration are well-respected regimes, but neither is an EEA authorization and neither gives you passporting rights into the EU. That means you should not actively target, advertise to, or solicit EEA clients as an unlicensed payments or e-money business.
That said, onboarding may be possible in a genuine reverse-solicitation scenario, where the EEA client approaches you independently and the relationship is not the result of your targeted EU-facing sales activity. In practice, this needs to be handled carefully and documented properly, because European regulators will look at the substance of how the client was acquired, not just the wording used in the onboarding file.
If Europe is a target market, plan for an EEA license; our Swiss fintech license and SRO spotlight and Canada MSB registration page cover what each home regime does and does not permit.
What is reverse solicitation - and can I build a business on it?
Reverse solicitation is the narrow exception under which a client outside your licensed territory approaches you entirely on their own initiative. It cannot be manufactured: EU-facing marketing, EU-language onboarding, or EU-targeted ads generally defeat it, and European regulators read the exception narrowly. It can cover the occasional unsolicited inbound client; it is not a market-entry strategy, and if your plan relies on it, treat that as a red flag and confirm your position with counsel.
Final thought
The EEA makes the first half of this decision easy - passporting, a 450-million-person market, and an authorization that opens doors. The second half, which of the 30 member states, is where the regret accumulates, and it is the half most founders spend the least time on. Score the criteria that actually differ - where the regulator draws the PI/EMI line, substance, speed, banking access, cost - and a defensible home falls out. Score the filing fee and you optimize for the wrong number, then pay for it in banking access and a second application.
If I could compress this chapter into one sentence: pick a home for the regulator conversations you will be having in year three, not the filing fee in month one. If you want a second pair of eyes on your shortlist, speak to our team - and if you are still scoping the whole launch, our How to Launch a Fintech Company in 2026 and the EMI vs PI explainer are good next reads.