Why your provider's compliance matters to your licence
Under DORA, financial-sector firms are responsible for the operational resilience of their critical ICT providers. For a BATM operator regulated under MiCA, your crypto software vendor is exactly that kind of provider. In practice, this means regulators expect your vendor to be DORA-compliant — and to be able to prove it.
That's why our compliance is directly tied to your ability to obtain and keep a MiCA licence. If we weren't prepared, your licence could be at risk. Keeping our house in order keeps yours protected.
Maintaining DORA compliance is an ongoing program, not a one-off certificate. On your behalf, it means we continuously invest in:
- Independent audits of our infrastructure and development processes
- Resilience testing and disaster-recovery exercises
- Documented incident-response procedures, kept current
- Active oversight of our own third-party service providers
- Up-to-date security audit reports you can hand to your regulator
Each of these carries real, recurring cost — and each upcoming audit cycle adds more. These aren't expenses we incurred once; they continue for as long as we maintain the standard you rely on.
Introducing a monthly compliance contribution
To keep this model sustainable, we're introducing a monthly compliance contribution that covers these ongoing costs. It's set according to the total number of active terminals your organization operates:
Pricing is per organization, based on total active terminals. Amounts in USD, per month.
Why operators are putting this in place
For a MiCA-licensed operator, your supervisor doesn't just look at your own controls — they look at whoever runs your critical infrastructure. Increasingly, that means you'll be asked to show that your software provider is DORA-compliant, with current evidence to back it up. The DORA compliance addendum, and the security audit reports that come with it, are exactly that evidence: the document you hand over when the question is asked, rather than the thing you scramble for once it already has been.
Having it in place ahead of time is simply the calmer position — it means an audit, a licence review, or a regulator's question finds you ready, not chasing paperwork under a deadline. That readiness is what the monthly contribution maintains: a provider whose compliance is genuinely current, continuously tested, and documented in your name.
Want to understand which tier applies to you, or talk through the addendum? Get in touch with our team — we're happy to walk you through it. You can also explore our full overview of EU compliance features.
