• Moldova

  • National Bank of Moldova Publication (September 2024): In Moldova, crypto trading platforms are unregulated and unsupervised by any competent authority, and any entity offering services is operating outside the legal financial framework and offers no consumer protection.

  • Law No. 66/2023 amends Moldova’s AML/CFT Law (Law No. 308/2017) by defining crypto-asset terminology, classifying VASPs as reporting entities, and inserting a provision which prohibits the provision of crypto-asset services within Moldova as of 1 July 2023, with administrative and criminal penalties for non-compliance.

  • Monaco

  • Law No. 1.528 of July 2022 (amended 2024) establishes the regulatory framework for crypto-related services in Monaco. It defines crypto-assets, sets out the types of services that require authorisation, and delegates oversight to either the Minister of State or the Commission de Contrôle des Activités Financières (CCAF), depending on the service. In its 2024 amendment, the law introduced licensing exemptions for limited crypto activities, streamlined onboarding for already-authorised financial entities, expanded CCAF’s oversight to new crypto services like staking, added transitional provisions for existing providers, and aligned terminology with EU MiCA and FATF standards.

  • Law No. 1.559 of February 2024 is the AML/CFT legal framework. It mandates CASPs to comply with identification, reporting, and due diligence rules, while also enhancing supervisory and enforcement powers concerning financial activities related to digital assets.

  • Montenegro

  • The Law on the Prevention of Money Laundering and Terrorism Financing (Official Gazette No. 110/23, Dec. 2023; 065/24, Jul. 2024; & 024/25, Mar. 2025) introduced provisions related to cryptocurrencies in its 2025 amendment. This marks the establishment of Montenegro’s first regulatory framework for crypto activities. The law mandates that CASPs register in a public registry and comply with AML/CFT obligations, with sanctions imposed for non-compliance.

  • Netherlands (EU Member)

  • The Law of 11 December 2024 (Uitvoeringswet verordening cryptoactiva) amends the Financial Supervision Act and the Economic Offences Act to implement the EU MiCA into Dutch national law. Under this legislation, De Nederlandsche Bank (DNB) and the Autoriteit Financiële Markten (AFM) are granted regulatory and supervisory responsibilities to prohibit or suspend the offering, trading, advertising, and distribution of crypto-assets, to require modifications of crypto-asset white papers, and impose immediate cessation of unauthorised crypto-asset activities. Additionally, the amendment made to the Dutch Economic and Offences Act makes non-compliance with certain provisions (e.g. Articles 4, 16, 58, and 88) criminally enforceable.

  • Decree of 11 December 2024 (Uitvoeringsbesluit MiCA en TFR) is a supplementary regulation that implements EU MiCA and TFR into national law. It provides an implementation and enforcement framework and explicitly divides the roles of AFM (to supervise unbacked crypto-assets and most crypto service providers) and DNB (to oversee stablecoins and their prudential requirements). Enforcement specified under this law includes administrative fines and disqualification for serious violations. Additionally, it stipulates that the transition period for currently registered providers ends on 30 June 2025, after which compliance with MiCA is mandatory.

  • AML/CFT Act (Wwft) has undergone several amendments. However, in 2020, the amendment included custodial wallet providers and crypto-fiat exchanges as obliged entities, necessitating their registration with DNB and compliance with AML provisions. The 2024 amendment aligned with the EU MiCA provisions; this amendment mandated that CASPs transmit identifying information of users during transfers and monitor, reject, or freeze transfers that lack the required data. In 2025, the amendment was further extended to encompass a wider array of crypto activities, including issuers, platforms, and exchanges. This amendment introduced several penalty categories, such as fines, suspensions, and bans, while also criminalising non-compliance under the Economic Offences Act.

  • Notable case: In August 2024, DNB penalised Peken Global Limited (‘KuCoin’) for offering crypto services in the Netherlands without legally required registration.

  • North Macedonia

  • The AML/CFT Law (Gazette No.151/2022 – amended October 2024) introduced definitions for virtual assets and regulations for Virtual Asset Service Providers (VASPs), requiring them to register with the Financial Intelligence Unit (FIU). It enforces AML obligations, bans anonymous crypto technologies (e.g., privacy coins), and establishes a €500 transaction threshold for full AML compliance. The 2024 amendment expanded obligations for corporate groups, mandating that all transfers over €500 include sender and recipient identities and transaction metadata (e.g., timestamp, hash). The registration process changed, allowing the FIU to verify physical presence before accepting registrations. VASPs must report synthetic transactions aimed at evading detection and any linked transfers between wallets of the same entity, even if conducted by separate VASPs.

  • The Fintech Strategy for Financial Regulators 2023–2027, published by the National Bank of the Republic of North Macedonia in April 2023, outlines key plans for regulating crypto and virtual assets. The strategy aims to align with the EU’s MiCA framework and FATF standards, introduce licensing for service providers, enhance consumer protection, and support blockchain innovation through a regulatory sandbox.

  • Norway

  • Prop. 55 LS (2024-2025) – Lov om kryptoeiendeler (Kryptoeiendelsloven) transposes the EU MiCA into Norwegian national law, creating a comprehensive legal framework for the issuance, trading, and supervision of CASPs, effective from 1 July 2025. This framework includes licensing, investor protection measures, and market abuse prevention. The Finanstilsynet (Financial Supervisory Authority - FSA) will be granted supervisory authority, while the European Free Trade Association Surveillance Authority (EFTA Surveillance Authority - ESA) will oversee significant tokens, that is, crypto tokens that are larger or systemically important.

  • Prop. 54 LS (2024–2025) amends several Norwegian laws, including the Money Laundering Act, Financial Institutions Act, and Securities Trading Act, to incorporate the EU TFR and DORA into national legislation. This implementation mandates that CASPs collect and share sender and receiver data, adhere to stringent cybersecurity and operational standards, and operate under the oversight of Finanstilsynet, effective from 1 July 2025.

  • Prop. 91 L (2024–2025) incorporates the OECD’s CARF and amendments to the Common Reporting Standard (CRS) into Norwegian law. From 2026, it mandates tax reporting for crypto-asset service providers in Norway, requiring them to submit detailed user and transaction data in line with the OECD’s global CARF standard to combat tax evasion.

  • AML Act of 2018 designated CASPs as obliged entities, subjecting them to AML/CFT obligations and requiring registration with Finanstilsynet. The 2024-2025 amendment fosters traceability and transparency in cryptocurrency transactions, along with compliance in the legal sector. Lawyers must conduct AML checks when assisting clients with financial transactions or in company formation activities. However, exemptions apply when lawyers are representing clients in court or assessing legal status.

  • Notable case: In February 2025, Økokrim charged four men with defrauding investors of over NOK 900 million through a fake crypto scheme. Over NOK 700 million was laundered by concealing criminal proceeds and failing to report suspicious activity.

  • Poland (EU Member)

  • The Crypto-Asset Market Act (2025) establishes a comprehensive licensing and supervisory framework for crypto-asset service providers and token issuers under the oversight of the Komisja Nadzoru Finansowego (KNF - Financial Supervision Authority). This Act aligns national legislation with the EU’s MiCA and TFR and introduces stringent rules concerning operations, client protection, reporting, and enforcement. Additionally, it amends several existing laws, including the AML Act, as well as the Civil and Penal Codes and the Tax Codes.

  • Notable case: In June 2025, in exercise of its oversight functions, KNF approved the prospectus for the Beta ETF Bitcoin Portfolio FIZ submitted by Towarzystwo Funduszy Inwestycyjnych SA.

  • The AML Act of 2018 was amended in 2021 to include VASPs as obligated entities, requiring registration in the Virtual Asset Service Provider Register and adherence to AML/CFT obligations. The 2023 amendment introduced stricter penalties for failing to register as a CASP, as well as administrative fines for AML violations, with oversight from the Head of Krajowa Administracja Skarbowej (KAS- National Revenue Administration). Future amendments in 2024 and 2025 aligned the law with the EU MiCA, requiring CASPs to verify sources of funds for high-risk transactions above specified thresholds and clarifying licensing and transitional periods, with joint supervision from KNF and KAS.

  • Published Tax Rules by the Ministry of Finance guide how cryptocurrencies are taxed in Poland. For instance, a 19% income tax is charged on income obtained from the sale of virtual currencies, and a report must be submitted annually using Form PIT 38.

  • Portugal (EU Member)

  • The EU MiCA applies to Portugal as a member of the EU. However, there is currently no national implementing law in place. The Bank of Portugal has indicated that, despite the MiCA regulation being legally effective, only existing and operational CASPs registered with it under Law No. 83/2017 and Notice No. 3/2021 as of 30 December 2024 may continue their activities during this transitional period. Furthermore, the bank is not yet accepting new authorisation applications under MiCA due to the national legal vacuum.

  • Law No. 83/2017 is Portugal’s AML/CFT law. Amendments from Laws No. 58/2020 and 99-A/2021 require VASPs to register with the Bank of Portugal, implement AML/CFT measures (including KYC and reporting), and are subject to supervision. Non-compliance may result in sanctions, including fines and cancellation of registration.

  • Notable case: In 2021, the Lisbon Court of Appeal upheld the suspension of RC, Lda.’s bank accounts due to suspicions of money laundering and tax fraud, resulting in a freeze on all account activity by authorities under the AML Law.

  • Bank of Portugal Notice No. 1/2023 provides detailed rules on how registered VASPs are to fulfil the AML/CTF obligations, including governance (must have a compliance officer), risk monitoring (use of analytical tools and data systems), transaction analysis, and reporting duties.

  • Bank of Portugal Notice No. 3/2021 establishes the registration process for entities intending to carry out virtual asset activities in Portugal, detailing the required documentation and procedures under Article 112.º-A of Law No. 83/2017. The Bank maintains a register for VASPs.

  • Romania (EU Member)

  • Draft Ordinance (May 2025) implements the EU MiCA in Romania, designating the Financial Supervisory Authority (Autoritatea de Supraveghere Financiară – ASF) and the National Bank of Romania (Banca Națională a României – BNR) as competent authorities, establishing licensing rules for crypto-asset service providers (including those operating cryptocurrency automated teller machines), setting technical and security requirements, defining sanctions for non-compliance, and introducing a 0.5% supervisory fee on monthly revenues from crypto-related activities.

  • AML/CFT law, Law No. 129 of 2019 (amended in 2025), includes several important provisions. The 2020 amendment officially recognised VASPs and digital wallet providers as obliged entities, requiring them to comply with all AML/CFT regulations and to register appropriately before commencing operations. Further amendments made between 2021 and 2025 aimed to simplify registration obligations, facilitate electronic submission of beneficial owner declarations, implement enhanced due diligence for high-risk cases, and align the law with the EU MiCA.

  • Notable case: In July 2024, Romanian authorities recovered about 95% of funds that were illegally transferred from a blockchain, placed the suspects under judicial control, and held seized crypto assets with the National Agency for the Management of Seized Assets (Agenția Națională de Administrare a Bunurilor Indisponibilizate – ANABI).

  • PROCEDURA 05/06/2025 establishes a de minimis aid scheme for SMEs aimed at promoting green and digital investments. Notably, this scheme excludes cryptocurrency mining and storage systems from eligibility. Additionally, HOTĂRÂREA No. 25 (23/06/2025) extends taxation on cryptocurrency profits, integrates crypto into anti-evasion efforts, and introduces broader fiscal reforms designed to enhance transparency and compliance.

  • DECIZIA nr. 34/2021 by Romania’s High Court states that profits from virtual currency transactions are taxable as “income from other sources,” requiring individuals to declare and pay income tax and health contributions. This ruling allows the National Agency for Fiscal Administration (Agenția Națională de Administrare Fiscală – ANAF) to enforce taxation on crypto gains and sets the groundwork for future regulations. Furthermore, the 2025 CARF Commitment by the Ministry of Finance aligns Romania with the OECD’s CARF, mandating laws by 2027 for CASPs to identify clients, collect transaction data, and report it to ANAF for international sharing.

  • Russia

  • The Special Experimental Legal Regime (ЭПР- EPR) 2025 proposes a legal framework for limited cryptocurrency trading by specially qualified investors. This pilot programme introduces a three-year regime allowing only individuals with assets exceeding ₽100 million or an annual income of over ₽50 million, as well as qualified institutions, to engage in crypto trading. The use of cryptocurrency for payments outside this regime is prohibited, and violations will be penalised. Outside the regime, qualified investors may access crypto-linked derivatives or digital financial assets (DFAs) but will not have access to actual cryptocurrency delivery. The primary aim of this framework is to enhance transparency and manage risks while maintaining the status of cryptocurrency as non-legal tender.

  • Federal Law No. 418-FZ of 29 November 2024 integrates digital currency into the tax system by recognising it as property. It mandates tax reporting for income from mining and trading, requires quarterly reporting by mining operators, and exempts crypto mining, sales, and certain services from VAT. Income is defined based on market value using foreign exchange data, with no revaluation of crypto holdings for tax purposes. Simplified and self-employed tax regimes for crypto activities are restricted, but documented mining expenses can be deducted. FIFO (first in, first out) or unit-based cost accounting for disposals is permitted, and violations incur a ₽40,000 fine.

  • Federal Law No. 221-FZ of 8 August 2024 introduces mandatory registration for crypto miners and infrastructure operators, bans large-scale mining by unregistered entities, and restricts participation by individuals linked to crime or terrorism. It prohibits crypto advertising, limits digital asset access to approved investors, and allows foreign assets only if authorised and registered. Additionally, the Bank of Russia or the government can ban mining or limit energy use regionally.

  • Federal Law No. 259-FZ of 31 July 2020 regulates DFAs and Digital Currency in Russia. It defines DFAs, designates Information System Operators (ОИС) to issue DFAs and DFA Exchange Operators to trade them, both subject to Bank of Russia registration, AML/CFT rules, and licensing. The Bank of Russia oversees compliance, maintains registries, and sanctions. Mining, mining pools, and infrastructure providers are legally recognised and must be registered. However, digital currency is banned as a domestic payment method, but may be used in foreign trade under special regulatory regimes. Furthermore, the law also prohibits public promotion of digital currency, enforces KYC, and allows the Bank of Russia to restrict access to foreign digital assets and regulate investor eligibility.

  • Federal Law No. 115-FZ, enacted on 07.08.2001, is Russia’s AML/CFT law. This law has undergone various amendments up to 2025, categorising digital currency as property and integrating crypto-related activities—including issuance, exchange, and mining—into its regulatory framework. It designates crypto operators, such as DFA issuers, exchanges, and mining pool organisers, as obligated entities, requiring them to implement mandatory KYC measures, internal controls, transaction monitoring, and suspicious activity reporting. Furthermore, it empowers the Federal Service for Financial Monitoring (Rosfinmonitoring – Федеральная служба по финансовому мониторингу) to maintain blacklists of suspicious blockchain addresses, authorise wallet freezes, and enforce due diligence on crypto-related cross-border payments.