MiCA in the Balkans
What crypto firms need to know
It's no news that MiCA is changing the game for crypto businesses across Europe, and the Balkans are no exception.
It creates the first harmonised framework for crypto-asset service providers such as exchanges, custodians, wallet providers, and token issuers. While MiCA is directly applicable across the EU, each country sets up its own local rules, supervisory authorities, and licensing processes.
Here’s a look at how Bulgaria, Croatia, and Romania are implementing MiCA and what it means for crypto companies.
BULGARIA
Bulgaria fully adopted MiCA through the MICAL law, which came into effect in July 2025. Now, any CASP operating in the country must comply with both EU and local rules, supervised by the Financial Supervision Commission (FSC) or the Bulgarian National Bank for e-money tokens
Bulgaria has opted for the full 18-month transitional period, allowing existing Virtual Asset Service Providers (VASPs) to continue operating until July 1, 2026, while they apply for a MiCA licence.
The Financial Supervision Commission (FSC) encourages open dialogue with businesses, sending registered VASPs questionnaires to assess their readiness for licensing and to discuss business structures and MiCA compliance.
As part of this process, applicants should also expect in-person meetings with the FSC before submitting their applications, a unique feature designed to provide guidance and clarify regulatory requirements.
Key requirements include:
- At least two directors, with one Bulgarian resident fully dedicated to the company
- Management expertise in blockchain or crypto; additional technical directors may be required
- Recognition of foreign diplomas and critical documents by Bulgarian authorities
- Detailed three-year business plans with realistic, optimistic, and pessimistic projections
Even though Bulgaria started its MiCA licensing process later than some countries, the FSC aims to create a clear, supportive framework. This positions Bulgaria as an emerging hub for licensed crypto businesses in the region.
CROATIA
Croatia implemented MiCA through its MiCA Implementation Act on July 27, 2024, with EU MiCA fully in force by December 30, 2024.
The regulatory framework is divided into six areas:
- General provisions
- Competent authorities
- Licensing
- Corporate governance
- Terms of business
- Supervision
- Penalties
Basically, it covers everything from who needs a license to how rule-breaking will be handled.
Supervision is split between:
● Croatian National Bank (HNB): Oversees asset-referenced tokens (ARTs) and e-money tokens (EMTs)
● Financial Services Supervisory Agency (HANFA): Oversees exchanges, wallets, trading platforms, and other CASPs
If a company is already listed in the Virtual Asset Service Provider (VASP) register under Croatia’s anti-money laundering rules, it has until July 1, 2026, to apply for a full MiCA license. This 18-month transition period is designed to make the change to the new rules as smooth as possible.
Until a license is issued, HANFA will only oversee compliance with AML rules. Full consumer protections, like governance standards and complaint handling, will take effect only after the license is granted.
Important points for crypto firms:
● Check the HANFA register before partnering with crypto providers
● There is no Investor Protection Fund, so investors bear the risk if a provider goes bankrupt
● Public token offerings must include detailed white papers
HANFA encourages pre-application meetings and submission of business questionnaires. Applications are due December 31, 2025, aligning with ESMA standards.
ROMANIA
Romania is moving quickly to align with MiCA. On May 26, 2025, the Ministry of Public Finance published a draft Emergency Government Ordinance (GEO) to implement MiCA at the national level. While still in draft form, it sets a roadmap for licensing and regulation.
Supervision is split between:
● Financial Supervisory Authority (ASF):
Responsible for authorizing and supervising CASPs, including exchanges, custodians, advisors, and crypto ATMs. ASF can also issue secondary legislation detailing licensing procedures and technical requirements within 30 days of the GEO’s entry into force.
● National Bank of Romania (BNR):
Supervises credit institutions engaged in crypto activities, as well as the issuance of e-money tokens (EMTs) and other bank-linked crypto products.
Crypto service providers must first obtain technical approval of their IT systems from the Authority for Digitalization of Romania (ADR) before applying for an ASF license. ASF and BNR can also draw on support from other state institutions, such as consumer protection, fiscal authorities, and cybersecurity agencies.
Licensing and Compliance Requirements
To operate legally in Romania under MiCA, CASPs must meet the following:
- Clean regulatory record: No outstanding taxes or relevant criminal convictions.
- Defined corporate scope: Companies must update their corporate purpose to include crypto-asset services.
- Technical and cybersecurity compliance: Platforms and ATMs must pass ADR evaluations.
- Ongoing obligations: Maintain capital and prudential standards, comply with AML/KYC rules, report to regulators, and undergo regular technical audits.
- Additionally, Romania introduces a new regulatory tax of 0.5% of monthly operating income, payable to ASF. As the GEO is still draft, this tax requirement may be subject to change.
Transitional Regime
The draft GEO provides a transitional period for existing operators:
- CASPs already active can continue operations if they apply for authorisation within 30 days of the GEO’s entry into force. This window applies only once the GEO is formally adopted.
- Full authorization must be completed by 30 November 2025. This deadline is provisional and depends on the final adoption of the GEO.
- ASF is expected to process all applications within this tight timeframe, though administrative bottlenecks could affect timing.
Enforcement and Sanctions
ASF and BNR have broad powers to ensure compliance, including:
- Administrative fines
- Warnings and mandatory remedial actions
- Suspension of activities for up to three years
- Licence revocation for serious or repeated breaches
- Appeals processes: ASF decisions can be challenged at the Bucharest Court of Appeal; BNR decisions first go to its Board of Directors, then to the High Court of Cassation and Justice.
The draft GEO creates legal clarity and structure, aligning Romania with EU-wide MiCA standards. Early movers who secure licenses can gain credibility, access, and opportunities across the EU.
What This Means for Crypto Firms in the Balkans
MiCA is transforming the Balkans into a more regulated, transparent, and investor-friendly region. Each country has its own approach, deadlines, and supervisory structures, but the goal is the same: ensuring licensed crypto businesses operate safely and fairly
Crypto firms in Bulgaria, Croatia, and Romania should:
● Start preparing license applications early
● Build robust governance, risk management, and AML/KYC systems
● Keep updated with national and EU-level changes
● Plan for transitional periods to continue operations legally
With MiCA, the Balkans are becoming an attractive destination for compliant crypto businesses, offering the chance to operate across the EU while building trust with investors and customers.
.svg){kind=icon}
.png)
.jpeg)
.jpg)
