Blockchain Governance: A Review of Global Regulatory Frameworks (Europe)

Introduction

Europe’s cryptocurrency regulations extend beyond the borders of the European Union (EU). This article examines 46 countries (the 44 UN members in Europe, plus Kosovo and the Vatican City) to illustrate how the region regulates blockchain in practice. Within the EU, frameworks such as the Markets in Crypto Assets Regulation (MiCA), the Travel Rule, and various other Directives and Guidelines create a harmonised regulatory environment. Some EU member states even went a step further to introduce criminal sanctions to bolster compliance.

In contrast, significant markets like the UK and Switzerland, along with numerous European Economic Area (EEA) states, neighbouring countries, and microstates, operate under distinct regulatory frameworks, each with unique timelines, permissions, and enforcement styles. As the second part of this series, this article builds on the North America article, employing the same template (laws, guidelines, licensing, cases, enforcement). This structure allows for a direct comparison of jurisdictions, facilitating informed planning for any cross-border or inter-jurisdictional activities.

  • The European Union (EU)

  • The Markets in Crypto-Assets Regulation (MiCA) 2023/1114 establishes uniform rules for crypto-assets and related services and activities within the EU. Some provisions of MiCA include definitions for essential terms and concepts, such as the scope of what is a “crypto-asset service”, mandates Crypto-Asset Service Providers (CASPs) to be authorised before operating (Title V stipulates the grounds for authorisation and withdrawal, and conditions of operating), specifies rules for crypto-asset White Paper, Consumer Protection, and Stable Coins (referred to as asset-referenced & electronic money tokens. The Regulation does not apply to crypto-assets that are unique and not fungible with other crypto-assets, such as digital art and collectibles.

  • Regulation (EU) 2023/1113 (Transfer of Funds Regulation - TFR), also known as the “Travel Rule”, amends Directive (EU) 2015/849[The Anti-Money Laundering and Combating the Financing of Terrorism EU Directive (AML/CFT)], expands the rules governing the transfer of funds to include crypto-assets and requires the inclusion of payer/payee or originator/beneficiary details during transfer of funds or crypto-assets. Chapter III of the Regulation outlines all obligations that CASPs must follow during the transfer transactions.

  • European Banking Authority (EBA) Guidelines

  • EBA/GL/2024/11, also known as the “Travel Rule Guidelines,” clarifies the steps Payment Service Providers (PSPs), CASPs, and their Intermediaries should take to detect missing or incomplete information that accompanies a transfer of funds or crypto-assets, and the procedures they should put in place to manage a situation where a transfer is lacking the required information.

  • EBA/GL/2024/01 amends ML/TF Risk-Factors Guidelines (EBA/GL/2021/02), extending the AML risk-factor guidelines to crypto-assets and CASPs. It also introduces crypto-specific risk factors and measures to combat them, such as CASPs having suitable and effective transaction monitoring and analytical tools, as well as applying enhanced customer due diligence (CDD).

  • The Directive on Administrative Cooperation (DAC8) is an EU Council Directive based on the Organisation for Economic Co-operation and Development’s Crypto-Asset Reporting Framework (OECD-CARF). It mandates the automatic exchange of information on crypto-assets between EU countries to combat tax fraud, evasion, and avoidance. Reporting CryptoAsset Service Providers (RCASPs) are also subject to reporting requirements and due diligence procedures. This Directive will become applicable across all EU Countries by 1 January 2026.

  • Commission Delegated Regulation (EU) 2025/299 of 31 October 2024 supplements the EU MiCA, setting regulatory technical standards requiring crypto-asset service providers to keep proportionate, management-approved, and annually tested business-continuity policies and plans—covering governance, timely client/authority communications, etc., to ensure continuity and regularity of services.

  • The European Securities and Markets Authority (ESMA) Guidelines (2025) cover the following key areas:

  • Maintaining secure systems and access controls for crypto-services.

  • Establishing rules for crypto-asset transfer services.

  • Clarifying reverse solicitation from third-country firms.

  • Defining suitability and periodic statement requirements for portfolio management.

  • Guiding the prevention and detection of crypto market abuse.

  • Establishing minimum knowledge and competence standards for staff.

  • Regulation 2022/858 of 30 May 2022 (the EU’s DLT Pilot Regime) establishes a time-limited EU pilot for market infrastructures based on distributed ledger technology (DLT), which includes DLT multilateral trading facilities, DLT settlement systems, and combined DLT trading and settlement systems. These infrastructures can trade and settle tokenised financial instruments under the oversight of the European Securities and Markets Authority (ESMA). The pilot allows for targeted, conditional exemptions from several regulations, including the Markets in Financial Instruments Regulation (MiFIR, Regulation (EU) No 600/2014), the Markets in Financial Instruments Directive II (MiFID II, Directive 2014/65/EU), and the Central Securities Depositories Regulation (CSDR, Regulation (EU) No 909/2014). Eligibility is limited to shares of issuers with a market capitalisation under €500 million, bonds and money-market instruments with issue sizes under €1 billion, and units in collective investment undertakings with assets under management under €500 million. Additionally, there is an aggregate cap of €6 billion per infrastructure and a €9 billion threshold that triggers transition off the pilot.

  • Albania

  • Law No. 66/2020, enacted in 2020, is Albania’s first regulation governing cryptocurrencies. It governs financial market activities based on distributed ledger technology (DLT), requires Virtual Assets Service Providers (VASPs) to obtain a license before operating, and mandates compliance with all Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) obligations. The Albanian Financial Supervisory Authority (AFSA) and the National Authority on Information Society (NAIS) are responsible for administration. The AFSA provides the procedures for obtaining a licence.

  • Notable case: In 2022, two crypto mining farms were shut down, and the perpetrators were arrested for failing to comply with provisions of the law.

  • AFSA Regulation (Amended 2020): This regulation focuses on preventing money laundering and the financing of terrorism. Article 3 includes VASPs among the regulated entities. It mandates all VASPs to conduct due diligence on clients and transactions, maintain records, and report suspicious transactions or those exceeding 1,000,000 Albanian LEK.

  • Andorra

  • Decrees 211/2023 & 213/2023 were both issued in May 2023 and form part of the government of Andorra’s strategy to promote digital innovation and the digital economy. They promote fintech research and development through a controlled testing environment known as a “sandbox” and establish the framework for registering and operating innovative start-ups.

  • Digital Assets Act (Law 24/2022) recognises blockchain and digital assets, granting them legal value in the form of cryptocurrency. It requires VASPs to be licensed and implement AML/CFT obligations, including the traceability of transactions and the maintenance of records for 10 years. The overseeing authority is the Andorran Financial Authority.

  • Decree 478/2022 establishes the regulatory framework for licensing and supervising persons dealing with digital assets and distributed ledger technology (DLT) Exchanges. It mandates all entities in the digital assets space to comply with all AML/CFT policies.

  • Law 9/2021 amends Law 35/2014 on electronic trust services to include trust services on the DLT. It provided definitions for various terms, such as immutability, distributed ledger, smart contract, consensus mechanism, and blockchain system.

  • Austria (EU Member)

  • MiCA-Verordnung-Vollzugsgesetz (MiCA-VVG): As a member of the EU, Austria has transposed all legal provisions of the MiCA Regulations under its national laws (MiCA-VVG). Supervisory authority lies with the Finanzmarktaufsichtsbehörde (Financial Market Authority).

  • The Financial Market Authority (FMA) Guidance: The FMA has provided a variety of guidelines for CASPs, such as the comprehensive guide for licensing CASPs, the procedures for white paper submission through its Secure Electronic Prospectus Portal (SEPP), and issuance of Asset Referenced Tokens (ARTs) or E-Money Tokens (EMTs). The FMA also maintains a Database for licensed CASPs.

  • Licensed company: BitPanda in April 2025.

  • Belarus

  • Decree No. 8 (2017), amended in March 2021, is a presidential decree that fosters a modern digital economy. It develops the High-Tech Park (HTP) for digital innovations, legalises tokens, and regulates other forms of blockchain-based activities, such as smart contracts and Initial Coin Offerings (ICOs), while offering tax benefits. The law mandates that crypto-platform operators hold a minimum of 1 million Belarusian Rubles in a Belarusian bank account and Exchanges at least two thousand Belarusian Rubles. The HTP maintains a list of resident companies on its website.

  • Decree No. 48 (2022), amended in April 2023, is a presidential decree aimed at combating illegal activities involving virtual assets. It establishes a register for virtual wallet addresses suspected of involvement in illicit activities, such as terrorism and fraud. It enables the seizure and sale of cryptocurrencies used in these illegal activities. The Supervisory Board of the Hi-Tech Park is tasked with administering the Register.

  • Belgium (EU Member)

  • The EU MiCA: As a member of the EU, this regulation directly applies in Belgium, even without transposition.

  • Royal Decree (08.02.2022): Prior to the EU MiCA, Belgium introduced crypto regulation in 2022 through a Royal Decree. The decree outlined the rules, conditions and procedures for Exchange and Custodian Wallet Service providers to register with the Financial Services and Markets Authority (FSMA) and operate in Belgium. They are mandated to be registered with the FSMA before operating, establish an independent audit function, implement procedures for verifying staff during recruitment, and have a share capital of € 50,000.

  • Notable case: In June 2023, the FSMA ordered Binance to stop all virtual currency exchange and custody services in Belgium due to a lack of registration or authorisation.

  • The FSMA Regulation (2023) governs advertising and promotional activities that aim to encourage consumers to purchase virtual currencies, whether by a company, a social media influencer, or a trading platform. It mandates risk warnings for all virtual currency adverts and states the manner and procedure for presenting such risk warnings.

  • Bosnia and Herzegovina

  • AML Law (2024): Published in the Official Gazette BiH No. 13/24, this law extends its coverage to VASPs and virtual currencies. Under the law, VASPs are mandated to comply with all applicable AML/CFT obligations, including performing customer due diligence (CDD), developing risk assessment measures for money laundering and terrorist financing, monitoring transactions, and reporting suspicious activities to the Financial Intelligence Unit (FIU). Sanctions, such as monetary fines, are prescribed for non-compliance.

  • Službeni Glasnik RS, br. 63/22 (5 July 2022), amended the Securities Market Act of the Republika Srpska and introduced regulations for virtual assets and VASPs. It granted the Securities Commission (SC) the authority to register VASPs, supervise them for AML/CFT compliance, and impose penalties.

  • Notable case: Balkan Crypto Exchange (BCX) is the first VASP registered under this law with the SC.

  • Bulgaria (EU Member)

  • The EU MiCA: As a member of the EU, Bulgaria transposed the regulation into its national law in June 2025. CASPs in Bulgaria are expected to comply with the provisions by 31 December 2025.

  • The Measures Against Money Laundering Act (MAMLA), amended in 2023, before the coming into force of the EU-MiCA, subjects VASPs to AML/CFT obligations.

  • Croatia (EU Member)

  • The EU MiCA: As an EU member state, MiCA became applicable in Croatia on 30 December 2024. The National Bank and the Financial Services Supervisory Agency (HANFA) are the two bodies responsible for supervising crypto-assets in Croatia. Companies providing crypto-services (including those with HANFA’s registration under the AML/CFT Act) are expected to apply for MiCA authorisation from HANFA by 1st July 2026.

  • Crypto-Asset Reporting Framework (CARF): In November 2023, Croatia announced, in a joint statement with other countries, its intention to implement the OECD Crypto-Asset Reporting Framework (CARF). Transposing the CARF into national law has begun, with implementation to start in 2027.

  • Anti-Money Laundering and Terrorist Financing Act (Official Gazette no. 108/17, 39/19, 151/22): Before the implementation of the EU-MiCA, all entities providing virtual asset-related services were regulated under this Act and required to register with the HANFA. HANFA maintains a Register of entities authorised to offer crypto-asset services under MiCA.

  • Notable case: Several Companies such as Digital Assets d.o.o. and White Tech d.o.o. have registered with HANFA.

  • Cyprus (EU Member)

  • The EU MiCA & TFR applies to all CASPs in Cyprus. The Cyprus Securities and Exchange Commission is the authority responsible for authorising and supervising CASPs. There is a transitional period (until 1st July 2026) for CASPs already registered under National laws to obtain MiCA-compliant registration.

  • Law 96(I)/2025 aligns Cyprus’ AML national legislation with the EU’s MiCA and TFR provisions.

  • Central Bank of Cyprus (CBC) Directive (K.D.P 120/2025) allows Cyprus-regulated banks to provide accounts to CASPs licensed under MiCA, integrating crypto service providers within the CBC’s AML supervisory remit.

  • The Prevention and Suppression of Money Laundering and Terrorist Financing Law of 2007 (as amended in 2021) provides a comprehensive AML/CFT framework. It defines CASPs and subjects them to the same AML/CFT obligations as other financial institutions. The Securities and Exchange Commission maintains an official register of CASPs under this law. This register lists entities that are legally authorised to offer crypto-asset services in or from Cyprus.

  • Cyprus Securities and Exchange Commission (CySEC) Circulars: CySEC has issued several circulars on CASPs, providing essential guidance on the regulatory framework for cryptocurrencies in Cyprus.

  • Czech Republic (EU Member)

  • The Act on Digitisation of the Financial Market (2025) transposes the EU digital finance laws, including MiCA, into Czech national law. The law grants the Czech National Bank (CNB) licensing and supervisory authority over CASPs and activities related to crypto assets. It also amends the Trade Licensing Act (Act No. 455/1991 Coll.) – Annexe, removing the free trade licence category. Persons previously providing virtual asset-related services under this licensing regime are allowed a transitional period (until July 1, 2026) to obtain MiCA authorisation.

  • AML Act No. 253/2008 (as amended in 2017) subjects all virtual asset services and service providers to AML/CFT obligations, including customer due diligence and the reporting of suspicious transactions.

  • The Trade Licensing Act (Act No. 455/1991 Coll.) – Annexe is an amendment to the Trade Enterprise Act (1991), which introduced activity No. 81 (provision of services related to virtual assets) into the free trade categories and a licensing regime for providers of these services. This licensing regime has now been discontinued.

  • Financial Administration’s Tax Guidance (2022) classifies cryptocurrencies as intangible property, with profits from sales or exchanges subject to personal or corporate income tax. Crypto-to-fiat exchanges are exempt from VAT. Mined crypto is only when sold, and individuals or businesses must report crypto earnings exceeding CZK 15,000 annually.

  • Denmark (EU Member)

  • Law No. 481 of 22/05/2024 amends various laws in Denmark, including the Financial Business Act and the Capital Markets Law. It incorporates the EU MiCA and aligns its provisions to the EU Travel Rule (for AML/CFT compliance). Finanstilsynets (Financial Supervisory Authority) is mandated with licensing and administrative authority and maintains a portal for the application of licences.

  • Law No. 409 of 29 April 2025 aligns the EU DAC8 (law on crypto-asset reporting) with national law. It gives Skatteministeren (Ministry of Taxation) the power to make rules on crypto-related transactions reporting for CASPs.

  • Tax Administration Guidance: Provides several guidelines for the current taxation of crypto-assets in Denmark. Meanwhile, a new crypto-asset taxation law is being proposed, which will clarify the tax rules. Recommendations published by the Tax Council in an October 2024 Report are proposed to be the basis for this new law.

  • Notable cases: Cases BS-32180/2021-HJR & BS-17439/2022-HJR, in both cases, the court held that profits from cryptocurrency mining and subsequent sales are subject to taxation, regardless of acquisition method (purchase, mining, or donation), subject to narrow speculation exemptions.

  • Estonia (EU Member)

  • Market in Crypto-Assets Act (2024) implements the EU MiCA and Digital Operations Resilience Act (DORA) in Estonia’s national law. Finantsinspektsioon (Financial Supervisory Authority) is the designated supervisory authority.

  • Money Laundering and Terrorist Financing Prevention Act (2017) subjects VASPs to AML/CFT obligations. It provided the framework for licensing of VASPs in Estonia before the EU MiCA and granted supervisory and licensing authority to the Financial Intelligence Unit (FIU). The FIU has published several guidelines on virtual asset-related activities.

  • Notable case: B2BX Digital Exchange OÜ, facing licence revocation from the FIU after significant deficiencies were found in its operations, voluntarily relinquished its license on January 31, 2025.

  • Finland (EU Member)

  • Law 402/2024 implements the EU MiCA in Finland’s national law and repeals the 2019 Act on Virtual Currency Providers. A transition period was made for VASPs that were previously registered by the Financial Supervisory Authority (FIN-FSA) under the 2019 Act if they apply for MiCA authorisation by 30th October 2024.

  • FIN-FSA Regulations and Guidelines of 2/2023 (updated 06/2025) subject VASPs to AML/CFT obligations, while those of 4/2023 (updated 01/2025) address compliance with sanction laws and national freezing orders.

  • France (EU Member)

  • Law no. 2025-391 (April 2025) establishes the legal framework for using crypto-asset pledges as collateral. This gives the owner of a crypto-asset the possibility of getting a crypto-asset-backed loan. Additionally, the law transposes the EU TFR into French law.

  • Law no. 2025-127 (February 2025) mandates tax reporting obligations on crypto-asset transactions. It requires CASPs to report crypto transactions with complete identification and transaction data, mandates users with foreign crypto wallets to declare holdings, and institutes penalties for undeclared or incorrectly declared crypto wallets.

  • Decree no. 2025-169 (February 2025) provides procedures for registration and authorisation of CASPs by the Autorité des Marchés Financiers (AMF- the Financial Markets Authority), administrative mechanisms, and enforcement rules. It allows CASPs already licensed or registered under the 2019 Plan d’Action pour la Croissance et la Transformation des Entreprises (PACTE Law) to continue to operate until July 2016 pending MiCA authorisation. AMF maintains a register of blacklisted CASPs.

  • Notable case: BYBIT & BITGET blacklisted by the AMF for non-compliance.

Ordinance n° 2024-936 (October 2024) implements the EU MiCA into French Law. It streamlines national laws on crypto asset-related activities.

Law no. 2023-171 (March 2023) is a transitional law between the national PACTE Law and the EU MiCA. It supplements and enhances the PACTE 2019 and expands the powers of the AMF.

  • PACTE Law (2019) is France’s first comprehensive regulatory framework for crypto-assets and CASPs. It set out AML/Know Your Customer (KYC) obligations for CASPs and required registration with the AMF.

  • Germany (EU Member)

  • Finanzmarktdigitalisierungsgesetz (FinmadiG) 2024 amended several laws in Germany, such as the German Banking and Securities Law, and implemented the EU MiCA. It also introduced the Crypto Markets Supervision Act - KMAG, which grants supervisory authority over CASPs and crypto-asset issuers to the Federal Financial Supervisory Authority (BaFin).

  • Kryptomärkteaufsichtsgesetz (KMAG) 2024 is part of Germany’s implementation law of the EU MiCA. It confers supervisory authority and powers to issue orders to the Federal Financial Supervisory Authority (BaFin).

  • Kreditwesengesetz (KWG) 1998 (amended February 2025) is Germany’s Banking Act. In its 2020 amendment, the law introduced crypto custody services and their licensing.

  • Kryptowertetransferverordnung (KryptoWTransferV) 2023 regulates and imposes due diligence obligations on crypto transfers. It aligned its provisions with the Financial Action Task Force (FATF) Travel Rule.

  • Money Laundering Act (Geldwäschegesetz – GwG 2017), amended in 2024, extends AML obligations to crypto-asset services and CASPs.

  • BaFin Guidance & Notices: Germany’s Federal Financial Supervisory Authority (BaFin) has published several guidelines on crypto service business and warning notices for unauthorised CASPs.

  • Notable case: BaFin issued a warning notice against Immediate Dash for unauthorised operation.

  • Greece (EU Member)

  • Law 5193/2025 (April 2025) is the national legislation that implements the EU MiCA. It amends several laws in Greece, such as Laws 4557/2018 (AML) and 4514/2018 (Markets in Financial Instruments Directive – MiFID II), lays down the licensing and sanctions regime, and grants the Hellenic Capital Market Commission and the Bank of Greece supervisory authority.

  • Law 4734/2020 (FEK A196/2020) amended Law 4557/2018 (the Greek AML law that defined virtual assets and imposed AML obligations on CASPs) and implemented the EU AML Directive 5 into national law. The amendment added increased due diligence obligations for CASPs and stricter supervision.

  • Hungary (EU Member)

  • Act VII of 2024 is a law on crypto-assets that transposes the EU MiCA into Hungarian national laws. It grants the Magyar Nemzeti Bank (MNB) supervisory authority over CASPs. It requires CASPs to be authorised before operating, and those previously registered prior to MiCA coming into force are expected to become MiCA compliant by July 1st, 2025.

  • Magyar Nemzeti Bank (MNB) Guidance: Published in March 2025, this guidance provides a breakdown of how CASPs can seek authorisation, the types of crypto services that require MNB authorisation, the licensing requirements that must be fulfilled, and AML and Travel Rule obligations. Additionally, the MNB published guidance regarding the authorisation of activities for Asset-Referenced Token Issuers.

  • AML Act, 2017 (amended 2024) subjects CASPs to AML/CFT obligations that apply to other financial institutions. The amendment to the law aligned its provisions with the EU Travel Rule and FATF Recommendations for VASPs.

  • Bill No. T/11922 (June 2025) amends several Hungarian laws, including the Criminal Code (2012. évi C. törvény), to enhance the competitiveness of Hungary. These amendments criminalise the abuse of crypto-assets and the unauthorised provision of crypto-asset exchange services. Under the new legislation, users of unauthorised crypto exchanges—those that are not validated or licensed—who convert crypto-assets into fiat or other crypto-assets face penalties of 2 to 5 years imprisonment. Similarly, unauthorised service providers (CASPs) can be punished with imprisonment ranging from 3 to 8 years. The length of the prison sentence is determined by the financial threshold involved in the offence. For example, a basic offence involving any unauthorised crypto exchange, irrespective of the value, can result in up to 3 years in prison. In contrast, a very high-value offence involving amounts of HUF 500 million or more could lead to a maximum of 8 years imprisonment.

  • Notable case: In response to this law, Revolut paused its crypto services in Hungary in July 2025.

  • Iceland

  • Act No. 140/2018 is Iceland’s AML/CFT law. The law recognises CASPs (describes them as obliged entities) and crypto-related services. The subjects CASPs to all its provisions, including obtaining registration before operating. The Central Bank of Iceland (CBI) has supervisory authority over CASPs, and it maintains a Register of VASPs that operate in Iceland.

  • Ireland (EU Member)

  • S.I. No. 607/2024 implements the EU MiCA in Ireland, granting the Central Bank of Ireland supervisory, investigatory, and administrative penalty powers over Crypto Asset Service Providers (CASPs).

  • The Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (Revised 2025) designates Virtual Asset Service Providers (VASPs) as subject to all Anti-Money Laundering (AML) and Counter Financing of Terrorism (CFT) obligations. This includes requirements for customer due diligence and the reporting of suspicious transactions. Non-compliance can result in severe penalties, including fines or imprisonment. Additionally, VASPs are required to register with the Central Bank, and failure to do so is also an offence that may attract fines or imprisonment.

  • The Tax and Duty Guidance (June 2024), published by Revenue, outlines the tax treatment of crypto-assets, defined as any digital representation of value or rights transferable via distributed ledger technology (DLT). Taxation on crypto-assets varies:

  • Capital Gains Tax applies to most disposals of crypto-assets.

  • Income or Corporation Tax applies if trading activities are deemed a business.

  • Value Added Tax (VAT) applies to goods or services purchased using crypto, although crypto transactions are exempt.

  • Pay As You Earn (PAYE) or Capital Acquisition Tax (CAT) applies to crypto received as salary or gifts, which are subject to these taxes.

  • Remittance Basis applies to non-domiciled individuals bringing foreign income or gains into Ireland.

All activities require consistent valuation and a six-year recordkeeping period.

  • Italy (EU Member)

  • Legislative Decree No. 129/2024 implements the EU MiCA, laying down rules for CASP licensing, segregation of client assets, and criminal penalties for unauthorised crypto operations.

  • Decree No. 95/2025 allows VASPs already registered with Organismo Agenti e Mediatori (OAM), the registry of financial intermediaries, to continue to operate until 30th June 2026, and the submission of applications for MiCA authorisation until 30th December 2025. The OAM maintains a Register for licensed VASPs.

  • Legislative Decree No. 231/2007 (amended 2025) recognised VASPs, in its 2018 amendment - Decreto-legge 90/2018, as obliged entities under the AML/CFT law. VASPs are required to register with the Organismo Agenti e Mediatori (OAM) and comply with all AML/CFT provisions, including maintaining internal compliance programmes. The 2025 amendment introduces additional obligations for CASPs that have their registered office and central administration in another EU Member State but operate in Italy without a branch. These entities, which may provide crypto-asset services or utilise other types of infrastructure, such as crypto ATMs, must designate a Central Contact Point (Punto di Contatto Centrale, PCC) in Italy by 1 July 2025. This PCC will serve as the point through which they fulfil the obligations of this decree.

  • Kosovo

  • Law No. 08/L 295 “On Crypto Assets” was published in Kosovo’s Official Gazette in November 2024. This law regulates the issuance, trading, licensing, and supervision of crypto entities in Kosovo, aligning the country’s legal framework with the EU’s MiCA. It requires all Crypto Asset Service Providers (CASPs) to be licensed by the Central Bank of Kosovo (CBK), which also holds oversight authority. Furthermore, CASPs must register in a public register maintained by the CBK and publish a white paper detailing technical and financial disclosures before launching any crypto token or ICO. They are also subject to the AML obligations provided under Law No. 05/L096 (Kosovo’s AML/CFT Law). Additionally, foreign CASPs are mandated to appoint a legal representative in Kosovo.

  • Latvia (EU Member)

  • The Law on Crypto-Asset Services (2024) implements the EU MiCA in Latvia. It designates Latvijas Banka as the competent supervisory authority, granting it the power to issue detailed rules, collect reports, and supervise compliance. The law also outlines application fees, compliance obligations, penalties, and a transitional period for CASPs already providing services prior to 30th December 2024.

  • AML/CFT Act 2008 (amended 2019 & 2024) in its 2019 amendment, included CASPs as obligated entities under its AML/CFT law, requiring them to register with the State Revenue Service, and implement KYC/CDD, internal controls, and transaction reporting. The 2024 amendment aligned its provisions with the EU MiCA and TFR.

  • Liechtenstein

  • EWR-MiCA-DG (2024/2025) implements the EU-MiCA in national laws. It grants the Financial Market Authority (FMA) as the competent authority under the law, with the powers to administer, license, and penalise CASPs. The FMA provides guidelines on how CASPs should seek authorisation.

  • The Tokens and TT Service Providers (TVTG) Act, 2019 (amended 2025), established the legal framework for crypto-assets-related services (described in the law as Trustworthy (TT) transaction systems) in Liechtenstein. It mandates CASPs to register with the FMA before operating and comply with AML obligations under the nation’s Due Diligence Act. In its 2025 amendment, it simplified the registration process for CASPs already licensed under other financial laws (including MiCA), removed prior approval requirements in favour of FMA reporting, and allowed existing providers to continue operating until 31 December 2025 if they apply for MiCA authorisation.

  • The Due Diligence Act, 2008 (amended 2025), lays down the AML/CFT legal framework in Liechtenstein. It subjects CASPs to AML duties such as customer due diligence and reporting of suspicious activity to the Financial Intelligence Unit (FIU). In its 2025 amendment - Art. 9b (2a), the law mandated CASPs to “use state-of-the-art computerised systems to conduct a risk-based assessment of the history of the relevant crypto-assets”.

  • Lithuania (EU Member)

  • The Market in Crypto-Asset Law (2024) transposes the EU MiCA into national legislation, designating the Bank of Lithuania as the competent authority responsible for licensing and supervising CASPs. The Bank of Lithuania also publishes guidelines and licensing rules for CASPs and maintains a register of virtual currency exchange operators and depository virtual currency wallet operators.

  • The AML/CFT Law, amended in July 2025, recognises crypto exchanges as obliged entities required to comply with AML/CFT regulations. These entities must register with the Financial Crime Investigation Service (FCIS). The amendments made in 2004 and 2025 aligned the law’s provisions with the MiCA and introduced stricter compliance duties and penalties for CASPs.

  • Notable case: In 2024, the FCIS fined UAB Payeer 1.06 million EUR for infringing AML/CFT laws.

  • Law on Tax Administration (amended 2025) transposes the provisions of EU DAC8 and is set to come into force on 1st January 2026. This law mandates CASPs to report user and transaction data to the State Tax Inspectorate (STI), imposes penalties for non-compliance, and enables cross-border information sharing. This measure aims to combat tax fraud, evasion, and avoidance on an international scale.

  • Luxembourg (EU Member)

  • Law of February 6, 2025, implements the EU’s MiCA and TFR into national legislation and amends several other laws, including those on AML, Financial Services, and Payment Services. It repeals the previous VASP registration regime effective from 30 December 2024, placing crypto-asset service providers under the supervision of the Commission de Surveillance du Secteur Financier (CSSF) as MiCA-authorised CASPs. Transitional provisions will allow prior VASPs to continue operating until 1 July 2026.

  • The Law of 12 November 2004 (amended in 2025) provides the legal framework for combating money laundering and terrorist financing in Luxembourg. The 2020 Amendment established a regulatory and supervisory regime for VASPs. In the 2025 Amendment, the previous registration requirement was abolished and replaced with MiCA authorisation, while the supervisory and sanctioning powers were updated to align with the EU’s MiCA and TFR.

  • Malta (EU Member)

  • The Market in Crypto-Asset Acts (CAP. 647) transposes the EU MiCA into national law. The Malta Financial Services Authority (MFSA) is the competent authority under the law and has the power to administer and make rules for CASPs. The MFSA has published Guidance and Notes to clarify licensing, conduct, and supervisory expectations under the MiCA framework. It also maintains a Register of registered CASPs.

  • Notable case: In 2025, MFSA published a warning against TheChange.io as an unlicensed entity operating in Malta.

  • Prevention of Money Laundering Act (CAP. 373), amended in 2024, establishes the legal framework for anti-money laundering in Malta, designating crypto-asset service providers (CASPs) as “subject persons” required to comply with AML/CFT obligations under the supervision of the Financial Intelligence Analysis Unit (FIAU).

  • Prevention of Money Laundering and Funding of Terrorism Regulations (Subsidiary Legislation 373.01), amended in 2024, implements and details the AML obligations under Cap. 373, such as customer due diligence, suspicious transaction reporting, and risk assessment. It explicitly extends these obligations to CASPs and aligning with FATF recommendations and EU directives.

  • Virtual Financial Assets Act (2018) establishes Malta’s regulatory framework for crypto-assets by defining Virtual Financial Assets (VFAs), regulating initial offerings (ICOs), and requiring service providers such as exchanges, wallet providers, and advisors to be licensed and supervised by the MFSA.

  • Moldova

  • National Bank of Moldova Publication (September 2024): In Moldova, crypto trading platforms are unregulated and unsupervised by any competent authority, and any entity offering services is operating outside the legal financial framework and offers no consumer protection.

  • Law No. 66/2023 amends Moldova’s AML/CFT Law (Law No. 308/2017) by defining crypto-asset terminology, classifying VASPs as reporting entities, and inserting a provision which prohibits the provision of crypto-asset services within Moldova as of 1 July 2023, with administrative and criminal penalties for non-compliance.

  • Monaco

  • Law No. 1.528 of July 2022 (amended 2024) establishes the regulatory framework for crypto-related services in Monaco. It defines crypto-assets, sets out the types of services that require authorisation, and delegates oversight to either the Minister of State or the Commission de Contrôle des Activités Financières (CCAF), depending on the service. In its 2024 amendment, the law introduced licensing exemptions for limited crypto activities, streamlined onboarding for already-authorised financial entities, expanded CCAF’s oversight to new crypto services like staking, added transitional provisions for existing providers, and aligned terminology with EU MiCA and FATF standards.

  • Law No. 1.559 of February 2024 is the AML/CFT legal framework. It mandates CASPs to comply with identification, reporting, and due diligence rules, while also enhancing supervisory and enforcement powers concerning financial activities related to digital assets.

  • Montenegro

  • The Law on the Prevention of Money Laundering and Terrorism Financing (Official Gazette No. 110/23, Dec. 2023; 065/24, Jul. 2024; & 024/25, Mar. 2025) introduced provisions related to cryptocurrencies in its 2025 amendment. This marks the establishment of Montenegro’s first regulatory framework for crypto activities. The law mandates that CASPs register in a public registry and comply with AML/CFT obligations, with sanctions imposed for non-compliance.

  • Netherlands (EU Member)

  • The Law of 11 December 2024 (Uitvoeringswet verordening cryptoactiva) amends the Financial Supervision Act and the Economic Offences Act to implement the EU MiCA into Dutch national law. Under this legislation, De Nederlandsche Bank (DNB) and the Autoriteit Financiële Markten (AFM) are granted regulatory and supervisory responsibilities to prohibit or suspend the offering, trading, advertising, and distribution of crypto-assets, to require modifications of crypto-asset white papers, and impose immediate cessation of unauthorised crypto-asset activities. Additionally, the amendment made to the Dutch Economic and Offences Act makes non-compliance with certain provisions (e.g. Articles 4, 16, 58, and 88) criminally enforceable.

  • Decree of 11 December 2024 (Uitvoeringsbesluit MiCA en TFR) is a supplementary regulation that implements EU MiCA and TFR into national law. It provides an implementation and enforcement framework and explicitly divides the roles of AFM (to supervise unbacked crypto-assets and most crypto service providers) and DNB (to oversee stablecoins and their prudential requirements). Enforcement specified under this law includes administrative fines and disqualification for serious violations. Additionally, it stipulates that the transition period for currently registered providers ends on 30 June 2025, after which compliance with MiCA is mandatory.

  • AML/CFT Act (Wwft) has undergone several amendments. However, in 2020, the amendment included custodial wallet providers and crypto-fiat exchanges as obliged entities, necessitating their registration with DNB and compliance with AML provisions. The 2024 amendment aligned with the EU MiCA provisions; this amendment mandated that CASPs transmit identifying information of users during transfers and monitor, reject, or freeze transfers that lack the required data. In 2025, the amendment was further extended to encompass a wider array of crypto activities, including issuers, platforms, and exchanges. This amendment introduced several penalty categories, such as fines, suspensions, and bans, while also criminalising non-compliance under the Economic Offences Act.

  • Notable case: In August 2024, DNB penalised Peken Global Limited (‘KuCoin’) for offering crypto services in the Netherlands without legally required registration.

  • North Macedonia

  • The AML/CFT Law (Gazette No.151/2022 – amended October 2024) introduced definitions for virtual assets and regulations for Virtual Asset Service Providers (VASPs), requiring them to register with the Financial Intelligence Unit (FIU). It enforces AML obligations, bans anonymous crypto technologies (e.g., privacy coins), and establishes a €500 transaction threshold for full AML compliance. The 2024 amendment expanded obligations for corporate groups, mandating that all transfers over €500 include sender and recipient identities and transaction metadata (e.g., timestamp, hash). The registration process changed, allowing the FIU to verify physical presence before accepting registrations. VASPs must report synthetic transactions aimed at evading detection and any linked transfers between wallets of the same entity, even if conducted by separate VASPs.

  • The Fintech Strategy for Financial Regulators 2023–2027, published by the National Bank of the Republic of North Macedonia in April 2023, outlines key plans for regulating crypto and virtual assets. The strategy aims to align with the EU’s MiCA framework and FATF standards, introduce licensing for service providers, enhance consumer protection, and support blockchain innovation through a regulatory sandbox.

  • Norway

  • Prop. 55 LS (2024-2025) – Lov om kryptoeiendeler (Kryptoeiendelsloven) transposes the EU MiCA into Norwegian national law, creating a comprehensive legal framework for the issuance, trading, and supervision of CASPs, effective from 1 July 2025. This framework includes licensing, investor protection measures, and market abuse prevention. The Finanstilsynet (Financial Supervisory Authority - FSA) will be granted supervisory authority, while the European Free Trade Association Surveillance Authority (EFTA Surveillance Authority - ESA) will oversee significant tokens, that is, crypto tokens that are larger or systemically important.

  • Prop. 54 LS (2024–2025) amends several Norwegian laws, including the Money Laundering Act, Financial Institutions Act, and Securities Trading Act, to incorporate the EU TFR and DORA into national legislation. This implementation mandates that CASPs collect and share sender and receiver data, adhere to stringent cybersecurity and operational standards, and operate under the oversight of Finanstilsynet, effective from 1 July 2025.

  • Prop. 91 L (2024–2025) incorporates the OECD’s CARF and amendments to the Common Reporting Standard (CRS) into Norwegian law. From 2026, it mandates tax reporting for crypto-asset service providers in Norway, requiring them to submit detailed user and transaction data in line with the OECD’s global CARF standard to combat tax evasion.

  • AML Act of 2018 designated CASPs as obliged entities, subjecting them to AML/CFT obligations and requiring registration with Finanstilsynet. The 2024-2025 amendment fosters traceability and transparency in cryptocurrency transactions, along with compliance in the legal sector. Lawyers must conduct AML checks when assisting clients with financial transactions or in company formation activities. However, exemptions apply when lawyers are representing clients in court or assessing legal status.

  • Notable case: In February 2025, Økokrim charged four men with defrauding investors of over NOK 900 million through a fake crypto scheme. Over NOK 700 million was laundered by concealing criminal proceeds and failing to report suspicious activity.

  • Poland (EU Member)

  • The Crypto-Asset Market Act (2025) establishes a comprehensive licensing and supervisory framework for crypto-asset service providers and token issuers under the oversight of the Komisja Nadzoru Finansowego (KNF - Financial Supervision Authority). This Act aligns national legislation with the EU’s MiCA and TFR and introduces stringent rules concerning operations, client protection, reporting, and enforcement. Additionally, it amends several existing laws, including the AML Act, as well as the Civil and Penal Codes and the Tax Codes.

  • Notable case: In June 2025, in exercise of its oversight functions, KNF approved the prospectus for the Beta ETF Bitcoin Portfolio FIZ submitted by Towarzystwo Funduszy Inwestycyjnych SA.

  • The AML Act of 2018 was amended in 2021 to include VASPs as obligated entities, requiring registration in the Virtual Asset Service Provider Register and adherence to AML/CFT obligations. The 2023 amendment introduced stricter penalties for failing to register as a CASP, as well as administrative fines for AML violations, with oversight from the Head of Krajowa Administracja Skarbowej (KAS- National Revenue Administration). Future amendments in 2024 and 2025 aligned the law with the EU MiCA, requiring CASPs to verify sources of funds for high-risk transactions above specified thresholds and clarifying licensing and transitional periods, with joint supervision from KNF and KAS.

  • Published Tax Rules by the Ministry of Finance guide how cryptocurrencies are taxed in Poland. For instance, a 19% income tax is charged on income obtained from the sale of virtual currencies, and a report must be submitted annually using Form PIT 38.

  • Portugal (EU Member)

  • The EU MiCA applies to Portugal as a member of the EU. However, there is currently no national implementing law in place. The Bank of Portugal has indicated that, despite the MiCA regulation being legally effective, only existing and operational CASPs registered with it under Law No. 83/2017 and Notice No. 3/2021 as of 30 December 2024 may continue their activities during this transitional period. Furthermore, the bank is not yet accepting new authorisation applications under MiCA due to the national legal vacuum.

  • Law No. 83/2017 is Portugal’s AML/CFT law. Amendments from Laws No. 58/2020 and 99-A/2021 require VASPs to register with the Bank of Portugal, implement AML/CFT measures (including KYC and reporting), and are subject to supervision. Non-compliance may result in sanctions, including fines and cancellation of registration.

  • Notable case: In 2021, the Lisbon Court of Appeal upheld the suspension of RC, Lda.’s bank accounts due to suspicions of money laundering and tax fraud, resulting in a freeze on all account activity by authorities under the AML Law.

  • Bank of Portugal Notice No. 1/2023 provides detailed rules on how registered VASPs are to fulfil the AML/CTF obligations, including governance (must have a compliance officer), risk monitoring (use of analytical tools and data systems), transaction analysis, and reporting duties.

  • Bank of Portugal Notice No. 3/2021 establishes the registration process for entities intending to carry out virtual asset activities in Portugal, detailing the required documentation and procedures under Article 112.º-A of Law No. 83/2017. The Bank maintains a register for VASPs.

  • Romania (EU Member)

  • Draft Ordinance (May 2025) implements the EU MiCA in Romania, designating the Financial Supervisory Authority (Autoritatea de Supraveghere Financiară – ASF) and the National Bank of Romania (Banca Națională a României – BNR) as competent authorities, establishing licensing rules for crypto-asset service providers (including those operating cryptocurrency automated teller machines), setting technical and security requirements, defining sanctions for non-compliance, and introducing a 0.5% supervisory fee on monthly revenues from crypto-related activities.

  • AML/CFT law, Law No. 129 of 2019 (amended in 2025), includes several important provisions. The 2020 amendment officially recognised VASPs and digital wallet providers as obliged entities, requiring them to comply with all AML/CFT regulations and to register appropriately before commencing operations. Further amendments made between 2021 and 2025 aimed to simplify registration obligations, facilitate electronic submission of beneficial owner declarations, implement enhanced due diligence for high-risk cases, and align the law with the EU MiCA.

  • Notable case: In July 2024, Romanian authorities recovered about 95% of funds that were illegally transferred from a blockchain, placed the suspects under judicial control, and held seized crypto assets with the National Agency for the Management of Seized Assets (Agenția Națională de Administrare a Bunurilor Indisponibilizate – ANABI).

  • PROCEDURA 05/06/2025 establishes a de minimis aid scheme for SMEs aimed at promoting green and digital investments. Notably, this scheme excludes cryptocurrency mining and storage systems from eligibility. Additionally, HOTĂRÂREA No. 25 (23/06/2025) extends taxation on cryptocurrency profits, integrates crypto into anti-evasion efforts, and introduces broader fiscal reforms designed to enhance transparency and compliance.

  • DECIZIA nr. 34/2021 by Romania’s High Court states that profits from virtual currency transactions are taxable as “income from other sources,” requiring individuals to declare and pay income tax and health contributions. This ruling allows the National Agency for Fiscal Administration (Agenția Națională de Administrare Fiscală – ANAF) to enforce taxation on crypto gains and sets the groundwork for future regulations. Furthermore, the 2025 CARF Commitment by the Ministry of Finance aligns Romania with the OECD’s CARF, mandating laws by 2027 for CASPs to identify clients, collect transaction data, and report it to ANAF for international sharing.

  • Russia

  • The Special Experimental Legal Regime (ЭПР- EPR) 2025 proposes a legal framework for limited cryptocurrency trading by specially qualified investors. This pilot programme introduces a three-year regime allowing only individuals with assets exceeding ₽100 million or an annual income of over ₽50 million, as well as qualified institutions, to engage in crypto trading. The use of cryptocurrency for payments outside this regime is prohibited, and violations will be penalised. Outside the regime, qualified investors may access crypto-linked derivatives or digital financial assets (DFAs) but will not have access to actual cryptocurrency delivery. The primary aim of this framework is to enhance transparency and manage risks while maintaining the status of cryptocurrency as non-legal tender.

  • Federal Law No. 418-FZ of 29 November 2024 integrates digital currency into the tax system by recognising it as property. It mandates tax reporting for income from mining and trading, requires quarterly reporting by mining operators, and exempts crypto mining, sales, and certain services from VAT. Income is defined based on market value using foreign exchange data, with no revaluation of crypto holdings for tax purposes. Simplified and self-employed tax regimes for crypto activities are restricted, but documented mining expenses can be deducted. FIFO (first in, first out) or unit-based cost accounting for disposals is permitted, and violations incur a ₽40,000 fine.

  • Federal Law No. 221-FZ of 8 August 2024 introduces mandatory registration for crypto miners and infrastructure operators, bans large-scale mining by unregistered entities, and restricts participation by individuals linked to crime or terrorism. It prohibits crypto advertising, limits digital asset access to approved investors, and allows foreign assets only if authorised and registered. Additionally, the Bank of Russia or the government can ban mining or limit energy use regionally.

  • Federal Law No. 259-FZ of 31 July 2020 regulates DFAs and Digital Currency in Russia. It defines DFAs, designates Information System Operators (ОИС) to issue DFAs and DFA Exchange Operators to trade them, both subject to Bank of Russia registration, AML/CFT rules, and licensing. The Bank of Russia oversees compliance, maintains registries, and sanctions. Mining, mining pools, and infrastructure providers are legally recognised and must be registered. However, digital currency is banned as a domestic payment method, but may be used in foreign trade under special regulatory regimes. Furthermore, the law also prohibits public promotion of digital currency, enforces KYC, and allows the Bank of Russia to restrict access to foreign digital assets and regulate investor eligibility.

  • Federal Law No. 115-FZ, enacted on 07.08.2001, is Russia’s AML/CFT law. This law has undergone various amendments up to 2025, categorising digital currency as property and integrating crypto-related activities—including issuance, exchange, and mining—into its regulatory framework. It designates crypto operators, such as DFA issuers, exchanges, and mining pool organisers, as obligated entities, requiring them to implement mandatory KYC measures, internal controls, transaction monitoring, and suspicious activity reporting. Furthermore, it empowers the Federal Service for Financial Monitoring (Rosfinmonitoring – Федеральная служба по финансовому мониторингу) to maintain blacklists of suspicious blockchain addresses, authorise wallet freezes, and enforce due diligence on crypto-related cross-border payments.

  • San Marino

  • Delegated Decree No. 138/2024 establishes the legal framework for tokens and crypto-assets using DLT and incorporates some tax treatment of crypto-assets. All DLT operators, local or foreign, must register with the Central Bank (for crypto-assets) or the Institute for Innovation (for utility tokens). A white paper must be published for public offerings unless exempted. The decree enforces consumer protection rules, including a 14-day withdrawal right and custody safeguards, introduces a digital public register, exempts capital gains on crypto up to €2,000 annually, and imposes fines of up to 10% of turnover or double the illicit gain for violations.

  • Law No. 92/2008 is San Marino’s AML/CFT law, which has undergone several amendments: in 2018, definitions for virtual assets and VASPs were introduced; in 2019, stronger preventive measures were implemented; in 2020, rules regarding beneficial ownership and VASPs were established; and in 2024, the law expanded the scope of virtual assets activities and reinforced the EU TFR. These amendments require VASPs to register and obtain licenses while fulfilling all AML/CFT obligations, including due diligence, monitoring, and compliance with EU TFR for transactions of €1,000 or more, under the supervision of the Financial Intelligence Agency.

  • Central Bank Regulation No. 2021-03 implements Delegated Decree 111/2021, establishing the requirements for banks to gain and retain authorisation for virtual asset custody services. This applies only to banks authorised under the Financial Companies Law. Some other requirements include insurance coverage (€5M+), technical certification, and cybersecurity measures with mandatory incident reporting.

  • Delegated Decree No. 111/2021 establishes a regulatory framework allowing only authorised banks to provide virtual asset custody services, subject to Central Bank approval, insurance, cybersecurity, and technical certifications, while imposing client protection duties, public registration, and AML-compliance obligations.

  • Delegated Decree No. 86/2019 creates a legal framework for recognised blockchain entities to issue utility and investment tokens via Initial Token Offerings (ITOs). This requires registration, Whitepaper/Prospectus disclosure, and truthful advertising, with a potential trust involved. It grants full income tax exemption on token transactions, applies AML/CFT obligations to investment token offerings of €1,000 or more, and empowers San Marino Innovation to oversee compliance.

  • Serbia

  • Law on Digital Assets (No. 153/2020) establishes rules for issuing and trading digital assets, dividing oversight between the National Bank of Serbia (for virtual currencies) and the Securities Commission (for digital tokens). Key provisions include licensing requirements for Serbian-incorporated VASPs with minimum capital, white-paper approval, restrictions on advertising, and allowances for secondary and over-the-counter (OTC) trading, as well as the use of smart contracts. Furthermore, the law applies AML/CFT and foreign exchange (FX) rules and prohibits market abuse.

  • AML/CFT Law first included crypto in its framework in 2020 by defining digital assets and designating VASPs with travel-rule duties, then in 2023 broadened coverage, in 2024 added proliferation-financing controls and clarified enhanced due diligence (including for VASP correspondent-type relationships), and in 2025 refined DLT/self-hosted/intermediary-VASP provisions, expanded crypto-transfer rules to include identification requirements, and standardised sanctioning criteria (e.g. severity and duration).

  • National Bank of Serbia Regulations & Decisions include VASP licensing and consent processes (including cross-border approvals), minimum-capital and periodic-reporting rules, public registers of providers and a non-public register of virtual-currency holders, strict client-asset segregation and recordkeeping, dinar/FX payment rules for primary and secondary transactions, and detailed white-paper content/approval for virtual-currency offerings.

  • Securities Commission Bylaws include procedures for token-service provider licensing and cross-border consents, minimum-capital calculation and periodic reporting, remote identity-verification standards, ICT governance and continuity controls, limits on advertising without an approved white paper, and the rulebook for white papers and subsequent white papers.

  • Notable case: On 29 October 2024, the Securities Commission issued a warning on digital asset fraud after the shutdown of a fake cryptocurrency investment call centre ring in Belgrade.

  • Slovakia (EU Member)

  • Law No. 248/2024 Coll. implements the EU MiCA into national laws. It designates the National Bank of Slovakia (NBS) as the competent authority, granting it, amongst other powers, the power to issue binding, non-appealable, but judicially reviewable measures. Additionally, the law provides protections for the reserves of asset-referenced tokens and money tokens (ART and EMT). It also mandates training and examinations for CASP advisors and allows a transition period for MiCA CASPs until 30 December 2025.

  • Law No. 297/2008 Coll. (as amended) is the AML/CFT legal framework in Slovakia, regulating VASPs since their inclusion as obliged entities in the 2020 amendment. It mandates identity checks for crypto transfers of €1,000 or more, enhanced due diligence on foreign partner institutions before establishing cross-border correspondent relationships, reports for suspicious transactions to the Financial Intelligence Unit (FIU), risk controls for self-hosted wallets, and compliance with the EU Transfer Regulation (TFR). It imposes sanctions of up to €1,000,000 for breaches, with banks and financial institutions facing fines of up to €5,000,000 or 10% of annual turnover.

  • Act No. 595/2003 Coll. (as amended) provides for the taxation of disposals of crypto-assets—including swaps, payments, or other transfers—based on fair value on the exchange date, and non-business gains are treated as “other income”. Entrepreneurs are taxed with deductions equalling the entry prices, while validation and mining receipts are deferred until disposal. Additionally, crypto-to-crypto exchanges are deemed as taxable. The Financial Directorate has published guidelines for crypto-taxation, including taxation for non-business individuals and sole-traders/entrepreneurs.

  • Slovenia (EU Member)

  • Act No. 95/24 implements the EU MiCA into Slovenia’s national law. Under the law, the Securities Markets Agency (ATVP) is designated as the competent authority for authorisations relating to CASPs and asset-referenced tokens (ART), while the Bank of Slovenia is responsible for e-money tokens. The regulation mandates MiCA disclosure duties, including whitepapers, marketing alignment, holder notifications, and CASP client information. It also empowers inspections and prescribes fines for different offences. For instance, certain market-abuse breaches can attract up to €15 million or 15% of turnover fines. Existing providers are granted a transition period until 1 July 2025.

  • Act Amending the Implementation of the EU MiCA (2025) requires CASPs and asset-referenced token issuers to hold client crypto-assets in fiduciary accounts legally owned by clients and shielded from provider creditors, implementing MiCA’s segregation principle.

  • Tax Acts: Under personal income tax, capital gains from selling virtual currencies are tax-free for individuals outside business activity, while mining, airdrops, and forks are taxed as “other income” unless part of a registered business; under companies tax crypto gains per accounting rules as financial assets; under VAT crypto-fiat exchange and certain mining rewards are VAT-exempt, utility tokens are taxed like prepayments; under financial services tax act, crypto transactions equivalent to financial instruments are subject to financial services tax. Additionally, in April 2025, the Ministry of Finance submitted a proposal for the Income Tax Act on the disposal of cryptocurrencies and a new Profit Tax Act on the Disposal of Derivatives. It proposes a 25% flat tax on individuals’ crypto disposals with record-keeping and an optional simplified 5-year calculation, effective 1st January 2026, if adopted, and a parallel 25% flat tax on derivatives regardless of holding period.

  • AML/CFT Act (as amended) included VASPs as obliged entities subject to all AML/CFT provisions in 2017. It introduced mandatory registration and disclosure of ownership for VASPs in 2021, and by 2023, adopted the EU MiCA’s definition of crypto-assets, extending AML/CFT obligations to CASPs.

  • Spain (EU Member)

  • Law 6/2023 establishes the framework for implementing the EU MiCA in Spain. It designates the Comisión Nacional del Mercado de Valores (CNMV) as the authority responsible for supervising the issuance, offering, and admission to trading of crypto-assets that are not classified as financial instruments under MiFID II. Additionally, the Bank of Spain is assigned authority over e-money tokens and asset-referenced tokens where applicable. The law incorporates MiCA’s definitions and service categories, outlining Spain’s sanctions regime. A transitional period (30 December 2025) is provided for CASPs, and persons already providing crypto-related services or registered to do so in Spain before MiCA.

  • Notable case: In 2025, CMVA authorised several companies under MiCA.

  • Law 10/2010 is the AML/CFT law. In 2021, it expanded its scope to include crypto-related service providers as obliged entities. This inclusion mandates compliance with all AML/CFT provisions and requires registration with the Bank of Spain. Subsequent amendments to the law introduced additional regulations, such as those concerning beneficial ownership for legal persons and trusts, along with the establishment of a national beneficial ownership register.

  • Law 35/2006 (as amended) establishes the information-reporting requirements for custodians, exchanges, intermediaries, and ICO issuers. These entities are mandated to report to the Tax Administration all virtual currencies they hold in custody, as well as any acquisitions, disposals, swaps, transfers, and payments/receipts conducted in virtual currencies. The reports must include relevant details such as names, addresses, tax IDs, the class and number of coins, price, and date of transactions. Additionally, the Spanish Tax Agency provides guidelines regarding the taxation of cryptocurrencies.

  • Sweden (EU Member)

  • Proposition 2024/25:43 incorporates the EU MiCA and TFR into Swedish national law, designating the Finansinspektionen (FI) as the competent authority with the power to impose sanctions and fines, including temporary bans of up to 30 working days and permanent prohibitions on offerings and trading, while administrative fines can reach 15% of turnover or three times the profit; furthermore, the law stipulates that marketing rules for required customer information fall under the Marketing Act, meaning that information mandated by MiCA (whitepapers and customer disclosures), is considered material under this act. Thus, any missing or unclear information can trigger legal actions related to marketing law. A transition period is granted for pre-existing operators until 30 September 2025, or until a final decision is reached if they apply by 1 October 2025.

Act 2017:630 (as amended) serves as the AML/CFT law, mandating that CASPs are obliged entities required to comply with its provisions. The law stipulates that customer due diligence must be conducted for crypto or funds transfers exceeding EUR 1,000. Additionally, it mandates enhanced checks for transfers to or from unhosted (or stand-alone) addresses. Furthermore, extra due diligence and documentation are necessary when establishing correspondent relationships with third-country institutions, which include verifying the counterparties’ authorisation or registration. The law also prohibits anonymous accounts and services.

  • Tax Guidance from the Skatteverket (Tax Agency) clarifies that cryptocurrencies like Bitcoin are considered capital assets. As such, any sale, exchange (including crypto-to-crypto), payment for goods or services, or lending where the borrower can use the coins constitutes a taxable disposal. This must be reported on Form K4, Section D. Gains from these transactions are taxed at 30%, while losses are 70% deductible. Specific activities, such as ETH 2.0 staking rewards and mining, are taxed either as capital income or hobby/business income. Strict record-keeping is required to substantiate acquisition costs, sale prices, and wallet ownership.

  • Switzerland

  • SR 958.1 outlines the framework for DLT-securities and DLT trading systems, defining them and applying core venue rules such as transparency and orderly trading. Authorisation is required from the Financial Market Supervisory Authority (FINMA) to operate, with registration occurring only after authorisation. The Swiss National Bank is involved if the infrastructure is systemically important. The framework allows for private participants and establishes rules for admission, custody, and settlement, while extending market-abuse bans to instruments on DLT venues. Additionally, the FINMA provides further guidelines for providers of crypto services.

  • Notable case: In March 2025, BX Digital AG was licensed by FINMA as the first DLT trading facility.

  • SR 957.1 is the Book Securities Act (BEG). It provides that when a tokenised (ledger-based) securities are credited to a securities account and held through an intermediary (custodian, central securities depository, etc.) to become an intermediated security, and thus subject to its rules for creation, transfer, collateral, and custody liability.

  • SR 958.11 specifies the application process to the Swiss Financial Market Supervisory Authority. It defines when operating a distributed ledger technology system is considered a commercial activity, triggering a ten-day notification and a sixty-day licence filing (or ninety days for adjusted filings if a small system exceeds size limits). It sets minimum capital requirements of one million or five million Swiss francs for these systems.

  • SR 220 OR establishes the legal framework for tokenisation, creating ledger-based securities that confer full civil-law rights, including obligations for payment, transfer, pledge, resolution of lost keys, and issuer liability.

  • SR 950.1 Finanzdienstleistungsgesetz (Financial Services Act – FIDLEG) and SR 950.11 Finanzdienstleistungsverordnung (Financial Services Ordinance – FIDLEV) provide investor protection. FIDLEG allows for a token structured as a register-based security to qualify as a security, thus falling under the standard conduct and disclosure requirements. If the tokenised security is listed on a DLT trading system, the same prospectus rules that apply in traditional venues are included in the existing investor protection framework. FIDLEV facilitates this process, and no new prospectus is required for securities already listed on another Swiss venue or DLT system. Switzerland can also recognise foreign DLT systems.

  • SR 954.1 Finanzinstitutsgesetz (Financial Institutions Act – FINIG) and SR 954.11 Finanzinstitutsverordnung (Financial Institutions Ordinance – FINIV). FINIG outlines the firms under securities-firm supervision, mandating retail-facing firms to join an ombuds scheme. FINIV extends trade recording/reporting requirements to instruments on DLT trading systems, integrating crypto-securities services into the same supervisory framework as traditional ones.

  • Swiss AML framework (AMLA/AMLO/AMLO-FINMA) classifies DLT trading facilities as financial intermediaries, subjecting them to all AML obligations, including KYC, beneficial owner identification, and reporting. Virtual currencies are treated as means of payment and payment services when assisting clients with transfers. Accepting assets, including virtual currencies, and disbursing cash or virtual currencies, or wiring value over a system, are classified as Money or Value Transfer Services (MVTS), necessitating full AML compliance. Additionally, if a single crypto transaction (or linked transactions) exceeds CHF 1,000, the customer must be identified, provided there is no money/value transfer or ongoing relationship. Anti-structuring technology is required to prevent bypassing this limit for over 30 days.

  • Tax Guidance provided by the Federal Tax Administration (FTA) categorises tokens into payment, asset (debt, contract-based, equity), and utility, with distinct tax implications for holders and issuers. Holders face a wealth tax on the year-end value of tokens, while private trading gains are generally tax-free, and losses are non-deductible. Additionally, income from mining, staking, airdrops, and token wages is taxable. For issuers, debt tokens incur withholding tax and often securities transfer tax on interest. Equity-like tokens are treated as capital contributions with dividend withholding and issuance duty. Utility or contract-based tokens are taxed as revenue at issuance, typically exempt from withholding and stamp duties.

  • Ukraine

  • Law on Virtual Assets (which is not yet in force) defines both secured and unsecured virtual assets and clarifies that they are not considered legal tender. It establishes the jurisdictional scope and assigns oversight to the National Securities and Stock Market Commission (NSSMC), while the National Bank (NBU) is responsible for currency-backed virtual assets. Additionally, the law mandates that Virtual Asset Service Providers (VASPs), which include custody, exchange, transfer, and intermediation services, must operate as legal entities with specific permits and minimum capital requirements. It also requires disclosures for public offers and introduces a travel rule for virtual assets and funds transfers through amendments to anti-money laundering regulations.

  • AML/CFT Act designates VASPs as obliged entities, requiring them to implement customer due diligence and KYC protocols. Additionally, they must report suspicious and over-the-threshold transactions, maintain records for five years or more, and conduct targeted sanctions screening and freezing. The Act incorporates the travel rule for transfers of funds and virtual assets, and assigns supervision to the Ministry of Digital Transformation.

  • Cabinet Ministers Resolution No. 662 (2023) states that the Ministry of Digital Transformation supervises service providers involved in the circulation of virtual assets. It grants the Ministry the authority to conduct risk-based onsite and offsite checks, whether planned or unplanned. Furthermore, when multiple state AML supervisors oversee the same entity, they are to carry out a joint planned inspection.

  • Ministry of Finance Order No. 465 (2022) outlines key risk indicators associated with virtual assets. These include using virtual assets in operations that lack a clear legal, tax, commercial, economic, or other lawful justification. Additionally, the use of virtual assets and anonymous payment methods, as well as transactions that appear to lack economic purpose or an apparent lawful aim, are considered red flags. Such indicators should elevate risk assessments and trigger enhanced measures.

  • National Bank Resolutions No. 65 & No. 107 of 2020 mandate that banks classify VASP-related clients as high risk. Consequently, they must implement enhanced due diligence and ongoing monitoring. Similarly, non-bank financial institutions are required to treat virtual asset activities as high risk and must implement strong AML/CFT controls.

  • United Kingdom

  • The Financial Services and Markets Act (FSMA) (Draft Order 2025) introduces and amends regulations for cryptoassets, addressing issues such as clarifying fiat-referenced stablecoins, stating that sums exchanged for these stablecoins are not considered ‘deposits’, outlining the safeguarding and custody requirements for qualifying cryptoassets, and tightening financial promotions by adding controlled activities related to custody, platforms, and staking, and at the same time defining what “qualifying cryptoasset” and “qualifying stablecoin,” are. The draft order also amends the AML law to require the FCA to maintain an AML register for exchange and custodian wallets only where firms are not FSMA-authorised. Additionally, authorised cryptoasset firms must notify the FCA when they act as exchange or wallet providers, as well as when they cease such activities.

  • FSMA, as amended, brings cryptoassets under its framework. It introduces a designated activities rule for the marketing of cryptoassets, regulating related conduct even for firms that aren’t formally authorised. It establishes a framework for stablecoins, referred to as digital settlement assets (DSAs), covering issuers, custodians, and exchanges. The Act empowers the Bank of England, the Financial Conduct Authority, and the Payment Systems Regulator to oversee key providers under a Financial Market Infrastructure type administration. Additionally, it grants the Treasury the authority to adapt the electronic money and payments law to stablecoins. Furthermore, the Act opens a sandbox for testing settlement using distributed ledger technology, delivering clearer marketing rules, enhanced consumer and system safeguards, and the flexibility to update regulations quickly.

  • FSMA Order (Financial Promotion), as amended, brings crypto advertising under the FSMA marketing rules by establishing a qualifying cryptoasset (QCA) as a controlled investment for financial promotion purposes. To qualify as a QCA, an asset must be interchangeable and transferable; it specifically excludes electronic money, fiat currency (including digitally issued fiat), and limited-use tokens. The order allows anti-money-laundering–registered crypto exchanges and custodians to promote their own ads under strict conditions. Additionally, it extends certain exemptions, including the “sale of goods and supply of services” exemption, to QCA communications. This amendment provides the Financial Conduct Authority (FCA) with clear tools to oversee these promotions.

  • FSMA Order (Regulated Activities), as amended, outlines the criteria for what constitutes regulated investments and activities. It applies to cryptocurrencies when a token qualifies as electronic money or a security/financial instrument. Additionally, the order encompasses products that are derivatives, such as contracts for difference, which reference cryptocurrencies.

  • AML/CFT Law (as amended), in its 2019 amendment, brought CASPs and custodian wallet providers into scope, mandating registration with the Financial Conduct Authority (FCA) and requiring customer due diligence for crypto automated teller machine (ATM) transactions. The 2022 amendment introduced the travel rule, which mandates that sender and recipient information accompany transfers. It also requires customer due diligence on cryptoasset transfers of €1,000 or more, strengthens record-keeping practices, and mandates immediate responses to law enforcement requests and FCA reporting. Additionally, it introduced change-of-control approval for registered crypto firms. The 2023 amendment updated the treatment of politically exposed persons, establishing a lower-risk baseline that can scale up in response to other risk factors. This amendment also outlines the supervisory role of the FCA.

  • Notable case: In February 2025, in FCA v Olumide Osunkoya, the defendant was convicted over unregistered crypto ATMs and failing AML checks.

  • The Economic Crime and Corporate Transparency Act (amended) amends the Proceeds of Crime Act 2002 (POCA). It empowers enforcement officers—including police, Revenue and Customs officers, Serious Fraud Office officers, and accredited financial investigators—to search for, seize, and detain items related to cryptoassets. The Act requires that electronic information be produced in a readable format, enabling officers to identify or access wallets. Additionally, it permits the retention, disposal, or destruction of unclaimed crypto-related items after one year.

  • Tax Guidance: According to Revenue and Customs (RC) guidance, disposals of cryptocurrency—such as selling, swapping, or spending—are usually subject to Capital Gains Tax (CGT). Tokens received from an employer, through mining or transaction confirmation, or from specific airdrops are taxed as income. Whether one’s activities qualify as trading depends on various factors, including frequency, level of organisation, and intention; if it is a trade, profits are calculated in the usual way (receipts minus allowable expenses) and taxed as trading profits. Regarding location (“situs”) rules, if a token represents an underlying asset like gold or shares, the asset’s location is used. If there is no underlying asset, RC considers the token to be located where the beneficial owner resides.

  • Vatican City

  • The AML/CFT Law is based on Legge n. XVIII (2013), which was later amended by Legge n. CCXLVII (2018) to explicitly prohibit the provision of crypto, virtual, and synthetic currency services. Further amendments were made with Legge n. DCXIV (2023), which introduced detailed definitions for crypto/e-money/virtual/synthetic currency and expanded the scope of AML measures to include digital and electronic value, as well as Money Value Transfer Services (MVTS), but it still maintained the existing ban.

Conclusion

The regulatory frameworks governing blockchain-related activities in Europe are dynamic, comprising harmonised EU regulations and distinct national approaches that are constantly evolving. This article illustrates how a region comprising 46 countries strives to balance the technological innovation of blockchain with the necessary oversight. It outlines the current regulatory landscape and highlights the crucial roles of organisations such as the European Securities and Markets Authority (ESMA) and the Organisation for Economic Co-operation and Development (OECD), along with various national supervisory authorities, in shaping the future of digital finance.

As we move forward, the emphasis shifts from merely understanding the existing rules to considering their enforcement. Some countries have demonstrated practical implementation of these laws through legal cases, sanctions, and licensing, as showcased in this article. The next instalment of this series will explore the regulatory outlook of another key region. What is evident is that the global regulatory picture for blockchain-related activities is just beginning to take shape, and the story is far from over.