• Iceland

  • Act No. 140/2018 is Iceland’s AML/CFT law. The law recognises CASPs (describes them as obliged entities) and crypto-related services. The subjects CASPs to all its provisions, including obtaining registration before operating. The Central Bank of Iceland (CBI) has supervisory authority over CASPs, and it maintains a Register of VASPs that operate in Iceland.

  • Ireland (EU Member)

  • S.I. No. 607/2024 implements the EU MiCA in Ireland, granting the Central Bank of Ireland supervisory, investigatory, and administrative penalty powers over Crypto Asset Service Providers (CASPs).

  • The Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 (Revised 2025) designates Virtual Asset Service Providers (VASPs) as subject to all Anti-Money Laundering (AML) and Counter Financing of Terrorism (CFT) obligations. This includes requirements for customer due diligence and the reporting of suspicious transactions. Non-compliance can result in severe penalties, including fines or imprisonment. Additionally, VASPs are required to register with the Central Bank, and failure to do so is also an offence that may attract fines or imprisonment.

  • The Tax and Duty Guidance (June 2024), published by Revenue, outlines the tax treatment of crypto-assets, defined as any digital representation of value or rights transferable via distributed ledger technology (DLT). Taxation on crypto-assets varies:

  • Capital Gains Tax applies to most disposals of crypto-assets.

  • Income or Corporation Tax applies if trading activities are deemed a business.

  • Value Added Tax (VAT) applies to goods or services purchased using crypto, although crypto transactions are exempt.

  • Pay As You Earn (PAYE) or Capital Acquisition Tax (CAT) applies to crypto received as salary or gifts, which are subject to these taxes.

  • Remittance Basis applies to non-domiciled individuals bringing foreign income or gains into Ireland.

All activities require consistent valuation and a six-year recordkeeping period.

  • Italy (EU Member)

  • Legislative Decree No. 129/2024 implements the EU MiCA, laying down rules for CASP licensing, segregation of client assets, and criminal penalties for unauthorised crypto operations.

  • Decree No. 95/2025 allows VASPs already registered with Organismo Agenti e Mediatori (OAM), the registry of financial intermediaries, to continue to operate until 30th June 2026, and the submission of applications for MiCA authorisation until 30th December 2025. The OAM maintains a Register for licensed VASPs.

  • Legislative Decree No. 231/2007 (amended 2025) recognised VASPs, in its 2018 amendment - Decreto-legge 90/2018, as obliged entities under the AML/CFT law. VASPs are required to register with the Organismo Agenti e Mediatori (OAM) and comply with all AML/CFT provisions, including maintaining internal compliance programmes. The 2025 amendment introduces additional obligations for CASPs that have their registered office and central administration in another EU Member State but operate in Italy without a branch. These entities, which may provide crypto-asset services or utilise other types of infrastructure, such as crypto ATMs, must designate a Central Contact Point (Punto di Contatto Centrale, PCC) in Italy by 1 July 2025. This PCC will serve as the point through which they fulfil the obligations of this decree.

  • Kosovo

  • Law No. 08/L 295 “On Crypto Assets” was published in Kosovo’s Official Gazette in November 2024. This law regulates the issuance, trading, licensing, and supervision of crypto entities in Kosovo, aligning the country’s legal framework with the EU’s MiCA. It requires all Crypto Asset Service Providers (CASPs) to be licensed by the Central Bank of Kosovo (CBK), which also holds oversight authority. Furthermore, CASPs must register in a public register maintained by the CBK and publish a white paper detailing technical and financial disclosures before launching any crypto token or ICO. They are also subject to the AML obligations provided under Law No. 05/L096 (Kosovo’s AML/CFT Law). Additionally, foreign CASPs are mandated to appoint a legal representative in Kosovo.

  • Latvia (EU Member)

  • The Law on Crypto-Asset Services (2024) implements the EU MiCA in Latvia. It designates Latvijas Banka as the competent supervisory authority, granting it the power to issue detailed rules, collect reports, and supervise compliance. The law also outlines application fees, compliance obligations, penalties, and a transitional period for CASPs already providing services prior to 30th December 2024.

  • AML/CFT Act 2008 (amended 2019 & 2024) in its 2019 amendment, included CASPs as obligated entities under its AML/CFT law, requiring them to register with the State Revenue Service, and implement KYC/CDD, internal controls, and transaction reporting. The 2024 amendment aligned its provisions with the EU MiCA and TFR.

  • Liechtenstein

  • EWR-MiCA-DG (2024/2025) implements the EU-MiCA in national laws. It grants the Financial Market Authority (FMA) as the competent authority under the law, with the powers to administer, license, and penalise CASPs. The FMA provides guidelines on how CASPs should seek authorisation.

  • The Tokens and TT Service Providers (TVTG) Act, 2019 (amended 2025), established the legal framework for crypto-assets-related services (described in the law as Trustworthy (TT) transaction systems) in Liechtenstein. It mandates CASPs to register with the FMA before operating and comply with AML obligations under the nation’s Due Diligence Act. In its 2025 amendment, it simplified the registration process for CASPs already licensed under other financial laws (including MiCA), removed prior approval requirements in favour of FMA reporting, and allowed existing providers to continue operating until 31 December 2025 if they apply for MiCA authorisation.

  • The Due Diligence Act, 2008 (amended 2025), lays down the AML/CFT legal framework in Liechtenstein. It subjects CASPs to AML duties such as customer due diligence and reporting of suspicious activity to the Financial Intelligence Unit (FIU). In its 2025 amendment - Art. 9b (2a), the law mandated CASPs to “use state-of-the-art computerised systems to conduct a risk-based assessment of the history of the relevant crypto-assets”.

  • Lithuania (EU Member)

  • The Market in Crypto-Asset Law (2024) transposes the EU MiCA into national legislation, designating the Bank of Lithuania as the competent authority responsible for licensing and supervising CASPs. The Bank of Lithuania also publishes guidelines and licensing rules for CASPs and maintains a register of virtual currency exchange operators and depository virtual currency wallet operators.

  • The AML/CFT Law, amended in July 2025, recognises crypto exchanges as obliged entities required to comply with AML/CFT regulations. These entities must register with the Financial Crime Investigation Service (FCIS). The amendments made in 2004 and 2025 aligned the law’s provisions with the MiCA and introduced stricter compliance duties and penalties for CASPs.

  • Notable case: In 2024, the FCIS fined UAB Payeer 1.06 million EUR for infringing AML/CFT laws.

  • Law on Tax Administration (amended 2025) transposes the provisions of EU DAC8 and is set to come into force on 1st January 2026. This law mandates CASPs to report user and transaction data to the State Tax Inspectorate (STI), imposes penalties for non-compliance, and enables cross-border information sharing. This measure aims to combat tax fraud, evasion, and avoidance on an international scale.

  • Luxembourg (EU Member)

  • Law of February 6, 2025, implements the EU’s MiCA and TFR into national legislation and amends several other laws, including those on AML, Financial Services, and Payment Services. It repeals the previous VASP registration regime effective from 30 December 2024, placing crypto-asset service providers under the supervision of the Commission de Surveillance du Secteur Financier (CSSF) as MiCA-authorised CASPs. Transitional provisions will allow prior VASPs to continue operating until 1 July 2026.

  • The Law of 12 November 2004 (amended in 2025) provides the legal framework for combating money laundering and terrorist financing in Luxembourg. The 2020 Amendment established a regulatory and supervisory regime for VASPs. In the 2025 Amendment, the previous registration requirement was abolished and replaced with MiCA authorisation, while the supervisory and sanctioning powers were updated to align with the EU’s MiCA and TFR.

  • Malta (EU Member)

  • The Market in Crypto-Asset Acts (CAP. 647) transposes the EU MiCA into national law. The Malta Financial Services Authority (MFSA) is the competent authority under the law and has the power to administer and make rules for CASPs. The MFSA has published Guidance and Notes to clarify licensing, conduct, and supervisory expectations under the MiCA framework. It also maintains a Register of registered CASPs.

  • Notable case: In 2025, MFSA published a warning against TheChange.io as an unlicensed entity operating in Malta.

  • Prevention of Money Laundering Act (CAP. 373), amended in 2024, establishes the legal framework for anti-money laundering in Malta, designating crypto-asset service providers (CASPs) as “subject persons” required to comply with AML/CFT obligations under the supervision of the Financial Intelligence Analysis Unit (FIAU).

  • Prevention of Money Laundering and Funding of Terrorism Regulations (Subsidiary Legislation 373.01), amended in 2024, implements and details the AML obligations under Cap. 373, such as customer due diligence, suspicious transaction reporting, and risk assessment. It explicitly extends these obligations to CASPs and aligning with FATF recommendations and EU directives.

  • Virtual Financial Assets Act (2018) establishes Malta’s regulatory framework for crypto-assets by defining Virtual Financial Assets (VFAs), regulating initial offerings (ICOs), and requiring service providers such as exchanges, wallet providers, and advisors to be licensed and supervised by the MFSA.