Blockchain Governance: A Review of Global Regulatory Frameworks (Europe)

Introduction

Europe’s cryptocurrency regulations extend beyond the borders of the European Union (EU). This article examines 46 countries (the 44 UN members in Europe, plus Kosovo and the Vatican City) to illustrate how the region regulates blockchain in practice. Within the EU, frameworks such as the Markets in Crypto Assets Regulation (MiCA), the Travel Rule, and various other Directives and Guidelines create a harmonised regulatory environment. Some EU member states even went a step further to introduce criminal sanctions to bolster compliance.

In contrast, significant markets like the UK and Switzerland, along with numerous European Economic Area (EEA) states, neighbouring countries, and microstates, operate under distinct regulatory frameworks, each with unique timelines, permissions, and enforcement styles. As the second part of this series, this article builds on the North America article, employing the same template (laws, guidelines, licensing, cases, enforcement). This structure allows for a direct comparison of jurisdictions, facilitating informed planning for any cross-border or inter-jurisdictional activities.

  • The European Union (EU)

  • The Markets in Crypto-Assets Regulation (MiCA) 2023/1114 establishes uniform rules for crypto-assets and related services and activities within the EU. Some provisions of MiCA include definitions for essential terms and concepts, such as the scope of what is a “crypto-asset service”, mandates Crypto-Asset Service Providers (CASPs) to be authorised before operating (Title V stipulates the grounds for authorisation and withdrawal, and conditions of operating), specifies rules for crypto-asset White Paper, Consumer Protection, and Stable Coins (referred to as asset-referenced & electronic money tokens. The Regulation does not apply to crypto-assets that are unique and not fungible with other crypto-assets, such as digital art and collectibles.

  • Regulation (EU) 2023/1113 (Transfer of Funds Regulation - TFR), also known as the “Travel Rule”, amends Directive (EU) 2015/849[The Anti-Money Laundering and Combating the Financing of Terrorism EU Directive (AML/CFT)], expands the rules governing the transfer of funds to include crypto-assets and requires the inclusion of payer/payee or originator/beneficiary details during transfer of funds or crypto-assets. Chapter III of the Regulation outlines all obligations that CASPs must follow during the transfer transactions.

  • European Banking Authority (EBA) Guidelines

  • EBA/GL/2024/11, also known as the “Travel Rule Guidelines,” clarifies the steps Payment Service Providers (PSPs), CASPs, and their Intermediaries should take to detect missing or incomplete information that accompanies a transfer of funds or crypto-assets, and the procedures they should put in place to manage a situation where a transfer is lacking the required information.

  • EBA/GL/2024/01 amends ML/TF Risk-Factors Guidelines (EBA/GL/2021/02), extending the AML risk-factor guidelines to crypto-assets and CASPs. It also introduces crypto-specific risk factors and measures to combat them, such as CASPs having suitable and effective transaction monitoring and analytical tools, as well as applying enhanced customer due diligence (CDD).

  • The Directive on Administrative Cooperation (DAC8) is an EU Council Directive based on the Organisation for Economic Co-operation and Development’s Crypto-Asset Reporting Framework (OECD-CARF). It mandates the automatic exchange of information on crypto-assets between EU countries to combat tax fraud, evasion, and avoidance. Reporting CryptoAsset Service Providers (RCASPs) are also subject to reporting requirements and due diligence procedures. This Directive will become applicable across all EU Countries by 1 January 2026.

  • Commission Delegated Regulation (EU) 2025/299 of 31 October 2024 supplements the EU MiCA, setting regulatory technical standards requiring crypto-asset service providers to keep proportionate, management-approved, and annually tested business-continuity policies and plans—covering governance, timely client/authority communications, etc., to ensure continuity and regularity of services.

  • The European Securities and Markets Authority (ESMA) Guidelines (2025) cover the following key areas:

  • Maintaining secure systems and access controls for crypto-services.

  • Establishing rules for crypto-asset transfer services.

  • Clarifying reverse solicitation from third-country firms.

  • Defining suitability and periodic statement requirements for portfolio management.

  • Guiding the prevention and detection of crypto market abuse.

  • Establishing minimum knowledge and competence standards for staff.

  • Regulation 2022/858 of 30 May 2022 (the EU’s DLT Pilot Regime) establishes a time-limited EU pilot for market infrastructures based on distributed ledger technology (DLT), which includes DLT multilateral trading facilities, DLT settlement systems, and combined DLT trading and settlement systems. These infrastructures can trade and settle tokenised financial instruments under the oversight of the European Securities and Markets Authority (ESMA). The pilot allows for targeted, conditional exemptions from several regulations, including the Markets in Financial Instruments Regulation (MiFIR, Regulation (EU) No 600/2014), the Markets in Financial Instruments Directive II (MiFID II, Directive 2014/65/EU), and the Central Securities Depositories Regulation (CSDR, Regulation (EU) No 909/2014). Eligibility is limited to shares of issuers with a market capitalisation under €500 million, bonds and money-market instruments with issue sizes under €1 billion, and units in collective investment undertakings with assets under management under €500 million. Additionally, there is an aggregate cap of €6 billion per infrastructure and a €9 billion threshold that triggers transition off the pilot.

  • Albania

  • Law No. 66/2020, enacted in 2020, is Albania’s first regulation governing cryptocurrencies. It governs financial market activities based on distributed ledger technology (DLT), requires Virtual Assets Service Providers (VASPs) to obtain a license before operating, and mandates compliance with all Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) obligations. The Albanian Financial Supervisory Authority (AFSA) and the National Authority on Information Society (NAIS) are responsible for administration. The AFSA provides the procedures for obtaining a licence.

  • Notable case: In 2022, two crypto mining farms were shut down, and the perpetrators were arrested for failing to comply with provisions of the law.

  • AFSA Regulation (Amended 2020): This regulation focuses on preventing money laundering and the financing of terrorism. Article 3 includes VASPs among the regulated entities. It mandates all VASPs to conduct due diligence on clients and transactions, maintain records, and report suspicious transactions or those exceeding 1,000,000 Albanian LEK.

  • Andorra

  • Decrees 211/2023 & 213/2023 were both issued in May 2023 and form part of the government of Andorra’s strategy to promote digital innovation and the digital economy. They promote fintech research and development through a controlled testing environment known as a “sandbox” and establish the framework for registering and operating innovative start-ups.

  • Digital Assets Act (Law 24/2022) recognises blockchain and digital assets, granting them legal value in the form of cryptocurrency. It requires VASPs to be licensed and implement AML/CFT obligations, including the traceability of transactions and the maintenance of records for 10 years. The overseeing authority is the Andorran Financial Authority.

  • Decree 478/2022 establishes the regulatory framework for licensing and supervising persons dealing with digital assets and distributed ledger technology (DLT) Exchanges. It mandates all entities in the digital assets space to comply with all AML/CFT policies.

  • Law 9/2021 amends Law 35/2014 on electronic trust services to include trust services on the DLT. It provided definitions for various terms, such as immutability, distributed ledger, smart contract, consensus mechanism, and blockchain system.

  • Austria (EU Member)

  • MiCA-Verordnung-Vollzugsgesetz (MiCA-VVG): As a member of the EU, Austria has transposed all legal provisions of the MiCA Regulations under its national laws (MiCA-VVG). Supervisory authority lies with the Finanzmarktaufsichtsbehörde (Financial Market Authority).

  • The Financial Market Authority (FMA) Guidance: The FMA has provided a variety of guidelines for CASPs, such as the comprehensive guide for licensing CASPs, the procedures for white paper submission through its Secure Electronic Prospectus Portal (SEPP), and issuance of Asset Referenced Tokens (ARTs) or E-Money Tokens (EMTs). The FMA also maintains a Database for licensed CASPs.

  • Licensed company: BitPanda in April 2025.

  • Belarus

  • Decree No. 8 (2017), amended in March 2021, is a presidential decree that fosters a modern digital economy. It develops the High-Tech Park (HTP) for digital innovations, legalises tokens, and regulates other forms of blockchain-based activities, such as smart contracts and Initial Coin Offerings (ICOs), while offering tax benefits. The law mandates that crypto-platform operators hold a minimum of 1 million Belarusian Rubles in a Belarusian bank account and Exchanges at least two thousand Belarusian Rubles. The HTP maintains a list of resident companies on its website.

  • Decree No. 48 (2022), amended in April 2023, is a presidential decree aimed at combating illegal activities involving virtual assets. It establishes a register for virtual wallet addresses suspected of involvement in illicit activities, such as terrorism and fraud. It enables the seizure and sale of cryptocurrencies used in these illegal activities. The Supervisory Board of the Hi-Tech Park is tasked with administering the Register.

  • Belgium (EU Member)

  • The EU MiCA: As a member of the EU, this regulation directly applies in Belgium, even without transposition.

  • Royal Decree (08.02.2022): Prior to the EU MiCA, Belgium introduced crypto regulation in 2022 through a Royal Decree. The decree outlined the rules, conditions and procedures for Exchange and Custodian Wallet Service providers to register with the Financial Services and Markets Authority (FSMA) and operate in Belgium. They are mandated to be registered with the FSMA before operating, establish an independent audit function, implement procedures for verifying staff during recruitment, and have a share capital of € 50,000.

  • Notable case: In June 2023, the FSMA ordered Binance to stop all virtual currency exchange and custody services in Belgium due to a lack of registration or authorisation.

  • The FSMA Regulation (2023) governs advertising and promotional activities that aim to encourage consumers to purchase virtual currencies, whether by a company, a social media influencer, or a trading platform. It mandates risk warnings for all virtual currency adverts and states the manner and procedure for presenting such risk warnings.

  • Bosnia and Herzegovina

  • AML Law (2024): Published in the Official Gazette BiH No. 13/24, this law extends its coverage to VASPs and virtual currencies. Under the law, VASPs are mandated to comply with all applicable AML/CFT obligations, including performing customer due diligence (CDD), developing risk assessment measures for money laundering and terrorist financing, monitoring transactions, and reporting suspicious activities to the Financial Intelligence Unit (FIU). Sanctions, such as monetary fines, are prescribed for non-compliance.

  • Službeni Glasnik RS, br. 63/22 (5 July 2022), amended the Securities Market Act of the Republika Srpska and introduced regulations for virtual assets and VASPs. It granted the Securities Commission (SC) the authority to register VASPs, supervise them for AML/CFT compliance, and impose penalties.

  • Notable case: Balkan Crypto Exchange (BCX) is the first VASP registered under this law with the SC.

  • Bulgaria (EU Member)

  • The EU MiCA: As a member of the EU, Bulgaria transposed the regulation into its national law in June 2025. CASPs in Bulgaria are expected to comply with the provisions by 31 December 2025.

  • The Measures Against Money Laundering Act (MAMLA), amended in 2023, before the coming into force of the EU-MiCA, subjects VASPs to AML/CFT obligations.

  • Croatia (EU Member)

  • The EU MiCA: As an EU member state, MiCA became applicable in Croatia on 30 December 2024. The National Bank and the Financial Services Supervisory Agency (HANFA) are the two bodies responsible for supervising crypto-assets in Croatia. Companies providing crypto-services (including those with HANFA’s registration under the AML/CFT Act) are expected to apply for MiCA authorisation from HANFA by 1st July 2026.

  • Crypto-Asset Reporting Framework (CARF): In November 2023, Croatia announced, in a joint statement with other countries, its intention to implement the OECD Crypto-Asset Reporting Framework (CARF). Transposing the CARF into national law has begun, with implementation to start in 2027.

  • Anti-Money Laundering and Terrorist Financing Act (Official Gazette no. 108/17, 39/19, 151/22): Before the implementation of the EU-MiCA, all entities providing virtual asset-related services were regulated under this Act and required to register with the HANFA. HANFA maintains a Register of entities authorised to offer crypto-asset services under MiCA.

  • Notable case: Several Companies such as Digital Assets d.o.o. and White Tech d.o.o. have registered with HANFA.

  • Cyprus (EU Member)

  • The EU MiCA & TFR applies to all CASPs in Cyprus. The Cyprus Securities and Exchange Commission is the authority responsible for authorising and supervising CASPs. There is a transitional period (until 1st July 2026) for CASPs already registered under National laws to obtain MiCA-compliant registration.

  • Law 96(I)/2025 aligns Cyprus’ AML national legislation with the EU’s MiCA and TFR provisions.

  • Central Bank of Cyprus (CBC) Directive (K.D.P 120/2025) allows Cyprus-regulated banks to provide accounts to CASPs licensed under MiCA, integrating crypto service providers within the CBC’s AML supervisory remit.

  • The Prevention and Suppression of Money Laundering and Terrorist Financing Law of 2007 (as amended in 2021) provides a comprehensive AML/CFT framework. It defines CASPs and subjects them to the same AML/CFT obligations as other financial institutions. The Securities and Exchange Commission maintains an official register of CASPs under this law. This register lists entities that are legally authorised to offer crypto-asset services in or from Cyprus.

  • Cyprus Securities and Exchange Commission (CySEC) Circulars: CySEC has issued several circulars on CASPs, providing essential guidance on the regulatory framework for cryptocurrencies in Cyprus.

  • Czech Republic (EU Member)

  • The Act on Digitisation of the Financial Market (2025) transposes the EU digital finance laws, including MiCA, into Czech national law. The law grants the Czech National Bank (CNB) licensing and supervisory authority over CASPs and activities related to crypto assets. It also amends the Trade Licensing Act (Act No. 455/1991 Coll.) – Annexe, removing the free trade licence category. Persons previously providing virtual asset-related services under this licensing regime are allowed a transitional period (until July 1, 2026) to obtain MiCA authorisation.

  • AML Act No. 253/2008 (as amended in 2017) subjects all virtual asset services and service providers to AML/CFT obligations, including customer due diligence and the reporting of suspicious transactions.

  • The Trade Licensing Act (Act No. 455/1991 Coll.) – Annexe is an amendment to the Trade Enterprise Act (1991), which introduced activity No. 81 (provision of services related to virtual assets) into the free trade categories and a licensing regime for providers of these services. This licensing regime has now been discontinued.

  • Financial Administration’s Tax Guidance (2022) classifies cryptocurrencies as intangible property, with profits from sales or exchanges subject to personal or corporate income tax. Crypto-to-fiat exchanges are exempt from VAT. Mined crypto is only when sold, and individuals or businesses must report crypto earnings exceeding CZK 15,000 annually.

  • Denmark (EU Member)

  • Law No. 481 of 22/05/2024 amends various laws in Denmark, including the Financial Business Act and the Capital Markets Law. It incorporates the EU MiCA and aligns its provisions to the EU Travel Rule (for AML/CFT compliance). Finanstilsynets (Financial Supervisory Authority) is mandated with licensing and administrative authority and maintains a portal for the application of licences.

  • Law No. 409 of 29 April 2025 aligns the EU DAC8 (law on crypto-asset reporting) with national law. It gives Skatteministeren (Ministry of Taxation) the power to make rules on crypto-related transactions reporting for CASPs.

  • Tax Administration Guidance: Provides several guidelines for the current taxation of crypto-assets in Denmark. Meanwhile, a new crypto-asset taxation law is being proposed, which will clarify the tax rules. Recommendations published by the Tax Council in an October 2024 Report are proposed to be the basis for this new law.

  • Notable cases: Cases BS-32180/2021-HJR & BS-17439/2022-HJR, in both cases, the court held that profits from cryptocurrency mining and subsequent sales are subject to taxation, regardless of acquisition method (purchase, mining, or donation), subject to narrow speculation exemptions.

  • Estonia (EU Member)

  • Market in Crypto-Assets Act (2024) implements the EU MiCA and Digital Operations Resilience Act (DORA) in Estonia’s national law. Finantsinspektsioon (Financial Supervisory Authority) is the designated supervisory authority.

  • Money Laundering and Terrorist Financing Prevention Act (2017) subjects VASPs to AML/CFT obligations. It provided the framework for licensing of VASPs in Estonia before the EU MiCA and granted supervisory and licensing authority to the Financial Intelligence Unit (FIU). The FIU has published several guidelines on virtual asset-related activities.

  • Notable case: B2BX Digital Exchange OÜ, facing licence revocation from the FIU after significant deficiencies were found in its operations, voluntarily relinquished its license on January 31, 2025.

  • Finland (EU Member)

  • Law 402/2024 implements the EU MiCA in Finland’s national law and repeals the 2019 Act on Virtual Currency Providers. A transition period was made for VASPs that were previously registered by the Financial Supervisory Authority (FIN-FSA) under the 2019 Act if they apply for MiCA authorisation by 30th October 2024.

  • FIN-FSA Regulations and Guidelines of 2/2023 (updated 06/2025) subject VASPs to AML/CFT obligations, while those of 4/2023 (updated 01/2025) address compliance with sanction laws and national freezing orders.

  • France (EU Member)

  • Law no. 2025-391 (April 2025) establishes the legal framework for using crypto-asset pledges as collateral. This gives the owner of a crypto-asset the possibility of getting a crypto-asset-backed loan. Additionally, the law transposes the EU TFR into French law.

  • Law no. 2025-127 (February 2025) mandates tax reporting obligations on crypto-asset transactions. It requires CASPs to report crypto transactions with complete identification and transaction data, mandates users with foreign crypto wallets to declare holdings, and institutes penalties for undeclared or incorrectly declared crypto wallets.

  • Decree no. 2025-169 (February 2025) provides procedures for registration and authorisation of CASPs by the Autorité des Marchés Financiers (AMF- the Financial Markets Authority), administrative mechanisms, and enforcement rules. It allows CASPs already licensed or registered under the 2019 Plan d’Action pour la Croissance et la Transformation des Entreprises (PACTE Law) to continue to operate until July 2016 pending MiCA authorisation. AMF maintains a register of blacklisted CASPs.

  • Notable case: BYBIT & BITGET blacklisted by the AMF for non-compliance.

Ordinance n° 2024-936 (October 2024) implements the EU MiCA into French Law. It streamlines national laws on crypto asset-related activities.

Law no. 2023-171 (March 2023) is a transitional law between the national PACTE Law and the EU MiCA. It supplements and enhances the PACTE 2019 and expands the powers of the AMF.

  • PACTE Law (2019) is France’s first comprehensive regulatory framework for crypto-assets and CASPs. It set out AML/Know Your Customer (KYC) obligations for CASPs and required registration with the AMF.

  • Germany (EU Member)

  • Finanzmarktdigitalisierungsgesetz (FinmadiG) 2024 amended several laws in Germany, such as the German Banking and Securities Law, and implemented the EU MiCA. It also introduced the Crypto Markets Supervision Act - KMAG, which grants supervisory authority over CASPs and crypto-asset issuers to the Federal Financial Supervisory Authority (BaFin).

  • Kryptomärkteaufsichtsgesetz (KMAG) 2024 is part of Germany’s implementation law of the EU MiCA. It confers supervisory authority and powers to issue orders to the Federal Financial Supervisory Authority (BaFin).

  • Kreditwesengesetz (KWG) 1998 (amended February 2025) is Germany’s Banking Act. In its 2020 amendment, the law introduced crypto custody services and their licensing.

  • Kryptowertetransferverordnung (KryptoWTransferV) 2023 regulates and imposes due diligence obligations on crypto transfers. It aligned its provisions with the Financial Action Task Force (FATF) Travel Rule.

  • Money Laundering Act (Geldwäschegesetz – GwG 2017), amended in 2024, extends AML obligations to crypto-asset services and CASPs.

  • BaFin Guidance & Notices: Germany’s Federal Financial Supervisory Authority (BaFin) has published several guidelines on crypto service business and warning notices for unauthorised CASPs.

  • Notable case: BaFin issued a warning notice against Immediate Dash for unauthorised operation.

  • Greece (EU Member)

  • Law 5193/2025 (April 2025) is the national legislation that implements the EU MiCA. It amends several laws in Greece, such as Laws 4557/2018 (AML) and 4514/2018 (Markets in Financial Instruments Directive – MiFID II), lays down the licensing and sanctions regime, and grants the Hellenic Capital Market Commission and the Bank of Greece supervisory authority.

  • Law 4734/2020 (FEK A196/2020) amended Law 4557/2018 (the Greek AML law that defined virtual assets and imposed AML obligations on CASPs) and implemented the EU AML Directive 5 into national law. The amendment added increased due diligence obligations for CASPs and stricter supervision.

  • Hungary (EU Member)

  • Act VII of 2024 is a law on crypto-assets that transposes the EU MiCA into Hungarian national laws. It grants the Magyar Nemzeti Bank (MNB) supervisory authority over CASPs. It requires CASPs to be authorised before operating, and those previously registered prior to MiCA coming into force are expected to become MiCA compliant by July 1st, 2025.

  • Magyar Nemzeti Bank (MNB) Guidance: Published in March 2025, this guidance provides a breakdown of how CASPs can seek authorisation, the types of crypto services that require MNB authorisation, the licensing requirements that must be fulfilled, and AML and Travel Rule obligations. Additionally, the MNB published guidance regarding the authorisation of activities for Asset-Referenced Token Issuers.

  • AML Act, 2017 (amended 2024) subjects CASPs to AML/CFT obligations that apply to other financial institutions. The amendment to the law aligned its provisions with the EU Travel Rule and FATF Recommendations for VASPs.

  • Bill No. T/11922 (June 2025) amends several Hungarian laws, including the Criminal Code (2012. évi C. törvény), to enhance the competitiveness of Hungary. These amendments criminalise the abuse of crypto-assets and the unauthorised provision of crypto-asset exchange services. Under the new legislation, users of unauthorised crypto exchanges—those that are not validated or licensed—who convert crypto-assets into fiat or other crypto-assets face penalties of 2 to 5 years imprisonment. Similarly, unauthorised service providers (CASPs) can be punished with imprisonment ranging from 3 to 8 years. The length of the prison sentence is determined by the financial threshold involved in the offence. For example, a basic offence involving any unauthorised crypto exchange, irrespective of the value, can result in up to 3 years in prison. In contrast, a very high-value offence involving amounts of HUF 500 million or more could lead to a maximum of 8 years imprisonment.

  • Notable case: In response to this law, Revolut paused its crypto services in Hungary in July 2025.